From: "Michael K. Smith - Adhost"
To: "RJ45"
Subject: RE: Kerberos authentication and ldap authorization
Date: Tue, 6 Mar 2007 10:28:17 -0800

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of RJ45
> Sent: Tuesday, March 06, 2007 9:08 AM
> To: freebsd-questions@freebsd.org
> Subject: Kerberos authentication and ldap authorization
>
>
> Hello,
> I would like to use FreeBSD as a login box using krb5 authentication
> and ldap authorization.
> The KDC kerberos server is another machine, as well as the LDAP server;
> this FreeBSD box is a kerberos and ldap client.
>
> Could anyone give me some good hints on how to configure the FreeBSD box
> in this way?
> I tried to search for info but could only get partial information.
>
> For example, I would like to install the MIT krb5 implementation from ports
> instead of using the Heimdal default, because the kerberos server
> on my network is a MIT server and I can't use kadmin on FreeBSD
> to administer the kerberos server remotely using the Heimdal
> implementation.
> Does anyone have experience with the MIT krb5 implementation on FreeBSD?
>
> As well, how to enable LDAP authorization for logins on FreeBSD?
>
> thanks
>
> Rick

Hello Rick:

Check out http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/. It doesn't address your question regarding MIT Kerberos specifically, but it does give a good overview of using LDAP for authentication. Granted, you won't be using it to access an Active Directory, but the other configuration parameters will apply (nsswitch.conf, ldap.conf, PAM modules, etc.).

Regards,

Mike
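
[Added example, not part of either message and not taken from the linked article.] The split Rick describes, with passwords checked by the KDC and account data (uid, groups, shell) served by LDAP, touches the files Mike lists; the sketch below shows one way they fit together on a FreeBSD client. It assumes the net/nss_ldap port and the stock pam_krb5 module; the realm, host names, base DN and CA path are placeholders.

```conf
# ==== /etc/krb5.conf : Kerberos client settings ====
# Placeholder realm and KDC host; substitute the site's own.
[libdefaults]
    default_realm = EXAMPLE.ORG

[realms]
    EXAMPLE.ORG = {
        kdc = kdc.example.org
        admin_server = kdc.example.org
    }

[domain_realm]
    .example.org = EXAMPLE.ORG

# ==== /usr/local/etc/nss_ldap.conf : account lookups only ====
# Placeholder server, search base and CA file.
uri ldap://ldap.example.org/
base dc=example,dc=org
# Encrypt lookups and verify the server certificate, so uid/gid
# answers cannot be forged by another host on the network.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /usr/local/etc/ssl/ldap-ca.pem
# Fail fast instead of hanging logins when LDAP is unreachable.
bind_policy soft

# ==== /etc/nsswitch.conf : local files first, then LDAP ====
passwd: files ldap
group: files ldap

# ==== /etc/pam.d/sshd : auth and account sections ====
# Kerberos verifies the password; pam_unix remains as the path
# for local accounts such as root. No pam_ldap is involved, so
# no password ever goes to the LDAP server.
auth     sufficient  pam_krb5.so          no_warn try_first_pass
auth     required    pam_unix.so          no_warn try_first_pass
account  required    pam_nologin.so
account  required    pam_krb5.so
account  required    pam_login_access.so
account  required    pam_unix.so
```

Running `id` against an LDAP-only user name and seeing its uid and groups confirms the NSS half works before any PAM file is changed. Keep a root session open while editing files under /etc/pam.d, since a mistake there can block all new logins.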