====== Хранение учетных записей KERBEROS KDC в LDAP ======

[[https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html]]

# Schema includes in slapd.conf syntax (the page does not name the file).
# kerberos.schema is listed last; it has to be present in /etc/ldap/schema/
# before slapd starts, otherwise the include fails. It was presumably copied
# there from the Kerberos LDAP backend package - confirm on the target host.
# NOTE(review): a slapd configured through cn=config loads schemas as LDIF
# rather than through include lines - confirm which mode the server uses.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/kerberos.schema

# Kerberos profile sections for the LDAP database backend (krb5.conf or
# kdc.conf; the page does not say which file they go into).
# ldap_kerberos_container_dn: DN under which the realm container is kept.
[dbdefaults]
ldap_kerberos_container_dn = dc=corpX,dc=un

# Realm CORPX.UN: KDC and admin server both on localhost.
# database_module names the [dbmodules] subsection that describes the backend.
[realms]
CORPX.UN = {
    kdc = localhost
    admin_server = localhost
    default_domain = corpX.un
    database_module = openldap_ldapconf
}

# openldap_ldapconf is the subsection referenced by database_module above.
# db_library = kldap selects the LDAP database module.
# ldap_kdc_dn / ldap_kadmind_dn: DNs the KDC and kadmind bind to LDAP as.
# NOTE(review): both are set to cn=admin,dc=corpX,dc=un, which looks like the
# directory administrator entry. Per the MIT documentation the KDC needs read
# access to the Kerberos data (write only if lockout tracking is used) and
# kadmind needs read/write access to it; dedicated service entries with ACLs
# scoped to the Kerberos container would limit what a compromised KDC host
# can change in the rest of the directory.
# ldap_service_password_file: stash file holding the bind password for those
# DNs (written by stashsrvpw below). NOTE(review): treat it as a
# plaintext-equivalent secret - root-owned, mode 0600.
# ldap_servers: plain ldap:// carries the simple-bind password in clear text;
# acceptable only while slapd runs on the same host. Switch to ldapi:// or
# ldaps:// if the directory moves to another machine.
# ldap_conns_per_server: connections kept open per LDAP server.
[dbmodules]
openldap_ldapconf = {
    db_library = kldap
    ldap_kdc_dn = "cn=admin,dc=corpX,dc=un"
    ldap_kadmind_dn = "cn=admin,dc=corpX,dc=un"
    ldap_service_password_file = /etc/krb5kdc/service.keyfile
    ldap_servers = ldap://localhost
    ldap_conns_per_server = 5
}

# Shell commands (the page shows no prompt for them).
# create: initialises realm CORPX.UN in the directory; -D is the bind DN,
# -H the LDAP URI, -subtrees the subtree searched for principals, and -s
# writes the master key to a stash file.
# No password is passed on the command line here, so the tool prompts for
# it; keeping it that way avoids leaving it in shell history.
kdb5_ldap_util -D cn=admin,dc=corpX,dc=un create -subtrees dc=corpX,dc=un -r CORPX.UN -s -H ldap://localhost

# stashsrvpw: stores the password of the trailing DN in the file given by -f;
# this is the file referenced by ldap_service_password_file.
kdb5_ldap_util -D cn=admin,dc=corpX,dc=un stashsrvpw -f /etc/krb5kdc/service.keyfile cn=admin,dc=corpX,dc=un

# kadmin command (presumably entered at a kadmin.local prompt - the page
# omits the prompt). -x dn=... stores the Kerberos attributes of principal
# user1 on the existing LDAP entry instead of creating a separate object.
addprinc -x dn="uid=user1,ou=users,dc=corpX,dc=un" user1

root@server.corpX.un:~# cat hosts.ldif
# LDIF with a posixGroup and a posix account, both named gatehost, id 15001.
dn: cn=gatehost,ou=groups,dc=corpX,dc=un
objectClass: posixGroup
cn: gatehost
gidnumber: 15001

# NOTE(review): OpenLDAP stores a userPassword value without a {SCHEME}
# prefix as a literal string, so "*" here is not a lock marker the way it is
# in /etc/shadow. Verify that a simple bind as this DN is refused; omitting
# the attribute or using a hashed form that cannot match (commonly {CRYPT}*)
# is the usual way to keep the entry password-less.
dn: uid=gatehost,ou=users,dc=corpX,dc=un
objectClass: account
objectClass: posixAccount
uid: gatehost
cn: gatehost from LDAP
loginshell: /bin/sh
uidnumber: 15001
gidnumber: 15001
homedirectory: /home/gatehost
gecos: gatehost from LDAP
userpassword: *

# kadmin command: creates host/gate.corpX.un with a random key (-randkey) and
# stores it on the uid=gatehost entry from hosts.ldif.
# NOTE(review): the page does not show hosts.ldif being loaded into the
# directory before this step - the entry has to exist first.
addprinc -x dn="uid=gatehost,ou=users,dc=corpX,dc=un" -randkey host/gate.corpX.un