493: Undecipherable


Authentication Server via Kerberos (Heimdal) and LDAP backend

Dennis Guse

This morning I configured the Heimdal KDC with OpenLDAP's slapd as its storage. Slapd stores the user information and also holds the Kerberos authentication data. The public URI is ldaps://g00se.org. Kerberos realm: G00SE.ORG. KDC: g00se.org. The OpenLDAP server uses TLS, and authentication and authorisation go through SASL GSSAPI (Debian package: libsasl2-modules-gssapi-heimdal).

First I installed slapd (slapd and the package above), added the krb5-kdc.schema, configured SASL support and added authorisation rules. With slapadd -f "backup.ldif" I installed my backup (without the internal Kerberos accounts). Then I modified /etc/default/slapd so that slapd listens on ldaps:// and ldapi://, and reloaded the configuration.

Second I installed heimdal-kdc, configured the realm, configured the database backend to use the ldapi:// socket and reloaded it. Then I initialised the realm and created the necessary Kerberos host accounts (with random keys) in kadmin -l:

    init G00SE.ORG
    add -r host/g00se.org
    ext_keytab host/g00se.org
    add -r ldap/g00se.org
    ext_keytab ldap/g00se.org
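For the slapd side of this setup (SASL support, the ldapi:// socket the KDC uses, and the authorisation rules), here is an added slapd.conf fragment that is not taken from the post; the base DN dc=g00se,dc=org, the ou=people subtree, the cn=kdc identity, the schema path and the KDC running as root are assumptions. Heimdal's hdb-ldap backend binds over ldapi:// with SASL EXTERNAL, so the KDC shows up as the peer's uid/gid; the rules map that to one named identity and make sure the krb5Key attribute is readable by that identity only.

```conf
# Heimdal schema shipped with the KDC package (path is an assumption)
include         /etc/ldap/schema/krb5-kdc.schema

# SASL GSSAPI: slapd needs ldap/g00se.org@G00SE.ORG in its keytab
sasl-realm      G00SE.ORG
sasl-host       g00se.org
# refuse anonymous and plaintext SASL binds, require some integrity/confidentiality
sasl-secprops   minssf=56,noanonymous,noplain

# A user who authenticated with GSSAPI as alice@G00SE.ORG becomes
# uid=alice,ou=people,dc=g00se,dc=org (assumed layout)
authz-regexp
  uid=([^,]+),cn=G00SE.ORG,cn=gssapi,cn=auth
  uid=$1,ou=people,dc=g00se,dc=org

# The KDC talks to ldapi:// with SASL EXTERNAL as root (uid 0 / gid 0);
# give it one identity that the access rules below can name
authz-regexp
  gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth
  cn=kdc,dc=g00se,dc=org

# Kerberos key material: only the KDC may read or write it, nobody else,
# not even the owner of the entry
access to attrs=krb5Key
  by dn.exact="cn=kdc,dc=g00se,dc=org" write
  by * none

# LDAP password: owner may change it, anonymous may only use it to bind
access to attrs=userPassword
  by dn.exact="cn=kdc,dc=g00se,dc=org" write
  by self write
  by anonymous auth
  by * none

# Everything else under ou=people: KDC writes, authenticated users read
access to dn.subtree="ou=people,dc=g00se,dc=org"
  by dn.exact="cn=kdc,dc=g00se,dc=org" write
  by users read
  by * none
```

After a restart, `ldapwhoami -Y GSSAPI -H ldaps://g00se.org` run with a valid ticket should report the mapped uid=...,ou=people DN, which confirms both the keytab and the authz-regexp mapping.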

After reloading everything the authentication server was up and running! Have a nice one!!