SASL and Kerberos


Or Elimelech

May 26, 2013, 2:06:43 PM
to ruby...@googlegroups.com
There's no documentation on how to authenticate using the Kerberos and SASL method.

Can anyone help?

Javier Rufas

May 27, 2013, 7:30:47 AM
to ruby...@googlegroups.com
Hello Or,

In fact, I can't help you now. I'm trying to authenticate users of a Redmine (Debian 7 box) from an Active Directory (with Integrated Windows Authentication).

At this moment I can't do it using LDAP, because Net/LDAP gss_spnego authentication doesn't work (probably it's only an encoding problem), and I've installed PowerBroker Open and authenticate users using PAM, and it works (I think using Kerberos).

If I can't connect to AD via LDAP->GSS_SPNEGO, I'll probably try using the Kerberos library ....

If you find a solution (especially if you have a Linux box), please share it. I'll do so too.

Regards.

Or Elimelech

May 27, 2013, 7:55:59 AM
to ruby...@googlegroups.com
Thank you so much for sharing. Can you please confirm you are using Kerberos with PAM, and if yes, then how?
Best regards



--
Or Elimelech
Linux System Administrator

Javier Rufas

May 27, 2013, 10:56:33 AM
to ruby...@googlegroups.com
Well, I don't know at all.
It's PowerBroker Identity Services (PBIS). Take a look at http://www.beyondtrust.com/Resources/OpenSourceDocumentation/ (PBIS Open Installation and Administration Guide)

On my box, it has configured:

/etc/krb5.conf (setting REALM, etc...)
/etc/nsswitch.conf  (passwd, group)
... and some other stuff.

It works very well. It's better than Likewise Open from 6 years ago.

I haven't read the whole document, and I don't know if the software uses the best method (NTLM, SPNEGO, Kerberos) every time.
SSO on Apache uses Kerberos and needs a keytab file.

On the other hand, I've found that I can use my AD LDAP using TLS on port 636, and don't need SPNEGO or Kerberos.

As I'm interested in Apache SSO, I'll continue this way.

Regards,

Javier