
#1 2023-11-10 10:42:01

rhysperry111
Member
From: Yorkshire, UK
Registered: 2019-01-28
Posts: 51

Configuring Kerberos/LDAP for shared logins across a domain/realm?

I've been trying to get Kerberos and LDAP working such that I can share users between multiple machines on a network, similar to how a traditional Windows AD domain would work.

I've got as far as setting up Kerberos on the server and a test client with the domain/realm TEST.RHYSPERRY.COM. I can test it's working as I can use kinit on the test client to get a ticket for a user principal created on the server.

I'm currently, however, struggling with how I would get this configured to the point where I can create a user on the server, and then I can fully log in as that user from the client machine, e.g. from gdm. I've had a look around, and most articles seem to suggest that LDAP can be used for this; however, I've so far been unsuccessful in configuring LDAP to work with Kerberos. The Arch Wiki article for LDAP doesn't mention Kerberos at all.

Any tips or pointers are appreciated. I've not been able to find any articles that cover the entirety of the process from start to finish, so it's kinda hard to understand how every bit fits together.

Both the server and all the clients will be running Arch.

Last edited by rhysperry111 (2023-11-10 11:18:28)


#2 2023-11-11 12:54:27

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,928

Re: Configuring Kerberos/LDAP for shared logins across a domain/realm?

https://web.mit.edu/kerberos/krb5-lates … _ldap.html appears to be the best source.

It assumes you have set up the necessary Kerberos and OpenLDAP servers and "just" need to combine them.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)
