


Creating a Kerberos user principal using LDAP

Given a KDC using the LDAP backend, has anyone created a standalone
tool to create user principals by directly adding an LDAP entry?

Apparently the difficulty is correctly creating the ASN.1 encoded key
attribute (krbPrincipalKey), which is harder still because of the need to
encrypt it using the master key (krbMKey).

In the LDAP world, it isn't unusual that the password attribute value is
generated with a special tool (unless the plaintext password is used).

I think two tools would be interesting.

1. A tool that only spits out the krbPrincipalKey attribute on STDOUT.

2. A tool that creates the whole user principal including the
krbPrincipalKey.

More specifically, I would like some Perl or Python code that I include
in a larger project.

If either tool has not been created, there is code from the FreeIPA
project, inside ipa_pwd_extop.c (see http://tinyurl.com/cfu63x), that
fetches the master key and properly creates the ASN.1 encoded key. That
code could be used as a starting point or inspiration.

Dax Kelson
Guru Labs

dkelson (9)
3/6/2009 12:03:12 AM
comp.protocols.kerberos

Dax Kelson wrote:
> If either tool has not been created, there is code from the FreeIPA
> project, inside ipa_pwd_extop.c (see http://tinyurl.com/cfu63x), that
> fetches the master key and properly creates the ASN.1 encoded key. That
> code could be used as a starting point or inspiration.

Security-wise, catching the modify password extended operation at the
LDAP server's side is IMHO the right thing to do. FreeIPA does that for
Fedora Directory Server as backend for an MIT KDC. The overlay smbk5pwd
does it for OpenLDAP as backend for a Heimdal KDC.

Ciao, Michael.
michael198 (253)
3/6/2009 12:44:30 PM
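
What the "modify password extended operation" mentioned in the reply above looks like on the wire, as an added example that is not part of either post and is not FreeIPA or OpenLDAP code: the client sends an RFC 3062 Password Modify request and leaves key generation to the server-side plugin, so it never builds krbPrincipalKey or handles the master key. The DN, passwords and function names below are constructed for illustration.

```python
"""RFC 3062 Password Modify extended request, encoded and decoded with the stdlib only."""

PASSWD_MODIFY_OID = b"1.3.6.1.4.1.4203.1.11.1"  # passwdModifyOID from RFC 3062
# Context-specific primitive tags of PasswdModifyRequestValue (implicit tagging).
FIELD_TAGS = {"userIdentity": 0x80, "oldPasswd": 0x81, "newPasswd": 0x82}
FIELD_NAMES = {tag: name for name, tag in FIELD_TAGS.items()}
EXTENDED_REQUEST = 0x77  # [APPLICATION 23], constructed


def ber_length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(n):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def passwd_modify_value(user_dn, old_pw, new_pw):
    """SEQUENCE { userIdentity [0], oldPasswd [1], newPasswd [2] }, all optional."""
    fields = b""
    for name, text in (("userIdentity", user_dn), ("oldPasswd", old_pw), ("newPasswd", new_pw)):
        if text is not None:
            fields += tlv(FIELD_TAGS[name], text.encode("utf-8"))
    return tlv(0x30, fields)


def passwd_modify_request(msg_id, user_dn, old_pw, new_pw):
    """Complete LDAPMessage carrying the extended request.

    The new password travels in clear inside this message, so it belongs
    only on a TLS- or SASL-protected connection.
    """
    value = passwd_modify_value(user_dn, old_pw, new_pw)
    op = tlv(EXTENDED_REQUEST, tlv(0x80, PASSWD_MODIFY_OID) + tlv(0x81, value))
    return tlv(0x30, ber_integer(msg_id) + op)


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def decode_passwd_modify_request(msg):
    """Server-side view: (message id, request OID, {field name: text})."""
    _, body, _ = read_tlv(msg)
    _, msg_id, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != EXTENDED_REQUEST:
        raise ValueError("not an ExtendedRequest")
    _, oid, pos = read_tlv(op)
    _, value, _ = read_tlv(op, pos)
    _, seq, _ = read_tlv(value)
    fields, pos = {}, 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        fields[FIELD_NAMES.get(tag, hex(tag))] = val.decode("utf-8")
    return int.from_bytes(msg_id, "big"), oid.decode("ascii"), fields


if __name__ == "__main__":
    # Constructed sample: an administrator resetting one user's password.
    request = passwd_modify_request(1, "uid=a,dc=x", None, "pw")
    print(request.hex())
    print(decode_passwd_modify_request(request))
```

A plugin that intercepts this operation receives the cleartext `newPasswd` and can derive every Kerberos enctype key from it, which a client writing a pre-hashed attribute value cannot offer.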