4. Kerberos and LDAP
Most people will not use Kerberos by itself; once a user is authenticated (Kerberos), we need to figure out what this user can do (authorization). That is the job of a directory service such as LDAP.
Replicating a Kerberos principal database between two servers can be complicated, and it adds another user database to your network. Fortunately, MIT Kerberos can be configured to use an LDAP directory as a principal database. This section covers configuring a primary and secondary Kerberos server to use OpenLDAP for the principal database.
The examples presented here assume MIT Kerberos and OpenLDAP.