Generating krb5.keytab

Andrew Bartlett abartlet at
Tue Jun 17 22:43:33 GMT 2008

On Tue, 2008-06-17 at 18:10 +0200, Oliver Liebel wrote:

> >> I'm still confused by how your KDC ideas fit into this (if you simply
> >
> > mysql-backend of OpenLDAP allows to store/fetch LDAP data to/from 
> > MySQL database. It allows arbitrary database schema, and uses a 
> > mapping to link LDAP schema field with database tables. It isn't 
> > working with dynamic schema changes, but should be just fine for a 
> > static schema, that Samba4 uses. I am going to extend Samba4 schema 
> > with additional data that may come handy to the users. To actually 
> > achieve that, I need to be able to connect to the OpenLDAP directly, 
> > which is currently not working with Samba4, because the OpenLDAP acts 
> > as backend to Samba4, and Samba occupies LDAP designated ports.
> you can connect directly via -h ldapi://<path to socket>  or just use 
> another port, e.g.: -h ldap://<ip/fqhn>:9000/

Indeed, and this is how the LDAP backend works now (over LDAPI).  You
could also have it listen on an IP alias. 

> > I am not close to have enough knowledge about Samba4 internals,
> yet, 
> > to begin patching it, ldb and Heimdal kadmin. And Samba3 netlogon 
> > patch taught me to ask before I begin doing anything this big :-)
> >
> > So I am trying to figure out whether (1) my idea is doable, (2) the 
> > project needs it. I also understand that the time is scarce for 
> > everyone, not insist that my questions are answered and really 
> > appreciate all the answers.
> >
> > Thanks for your time, Andrew. Cheers,

I think it is do-able, and using the existing infrastructure.  I don't
see a need for drastic modifications like you propose.  Just make the
existing, working (I'm told I have to fix a few things, but that will be
resolved shortly) OpenLDAP backend use your custom MySQL schema. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list