HP (Hewlett-Packard) E0905 Server User Manual


 
Overview
Introduction to LDAP
Chapter 1 33
Integrating Kerberos Server v3.1 with LDAP
You can configure Kerberos server v3.1 with LDAP as the backend
database. By integrating the Kerberos principals with the corresponding
users in the LDAP directory, you store data for mechanisms such as
UNIX and Kerberos in a common repository. You can also secure user
credentials by requiring users to use LDAP credentials.
Implementing this solution involves the following steps:
• Modifying the configuration files on the Kerberos server
• Extending the LDAP directory schema
The Kerberos Server v3.1 Administrator’s Guide first details the design
specifications in terms of the Kerberos Server requirements and the
LDAP directory requirements. It then covers the actual implementation
guidelines and procedures used to accomplish this solution.
You must use the krb_2_ldap utility to migrate your existing Kerberos
database to LDAP. See “Migrating to a Newer Version of the Kerberos
Server”, on page 41.
You can configure your Kerberos server with LDAP by either using the
autoconfiguration tool, krbsetup, or manually editing the LDAP
configuration files located in the /opt/krb5/examples directory. For
more information, see Chapter 6, “Configuring the Kerberos Server with
LDAP,” on page 73. HP recommends that you use the krbsetup tool to
configure your Kerberos server with LDAP.
You can administer and maintain the Kerberos database by either using
the HP Kerberos Administrator, a graphical user interface, or the
command-line administrator. See “Administering the Kerberos Server”,
on page 109.
NOTE: Kerberos server v3.1 supports only Netscape Directory server 6.0
(J4258CA) and later as the LDAP backend database. You must have the
LDAP-UX product installed on the Kerberos server to set up a Kerberos
server with LDAP as the backend database.