novaBBS - comp.protocols.kerberos - krbPrincipalName not creating principal in kerberos

krbPrincipalName not creating principal in kerberos

<20319ab5-d2b7-4180-a0a6-3182a0842dcbn@googlegroups.com>

https://www.novabbs.com/devel/article-flat.php?id=210&group=comp.protocols.kerberos#210

copy link Newsgroups: comp.protocols.kerberos

X-Received: by 2002:a05:620a:4453:: with SMTP id w19mr10609272qkp.465.1643868601747;
Wed, 02 Feb 2022 22:10:01 -0800 (PST)
X-Received: by 2002:a05:6870:4502:: with SMTP id e2mr77128oao.166.1643868601451;
Wed, 02 Feb 2022 22:10:01 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.protocols.kerberos
Date: Wed, 2 Feb 2022 22:10:01 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=2401:4900:1f26:5666:6a:3951:de80:d501;
posting-account=-oztEQoAAABcuWDKgxNAAPYg5ih4KuGv
NNTP-Posting-Host: 2401:4900:1f26:5666:6a:3951:de80:d501
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <20319ab5-d2b7-4180-a0a6-3182a0842dcbn@googlegroups.com>
Subject: krbPrincipalName not creating principal in kerberos
From: keerthik...@gmail.com (keerthi krishnan)
Injection-Date: Thu, 03 Feb 2022 06:10:01 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 45

by: keerthi krishnan - Thu, 3 Feb 2022 06:10 UTC

Hi Team,

I have ldap setup and kerberos setup.

Requirement:

1. We have list of users in ironport ldap and want to sync particular group cn to kerbros and its password. So that both ldap and. kerberos will have same password.
2. I want to create user object in ldap with multiple user alias like uid=alice, krbPrincipalAliases: alice/admin@DOMAIN.COM
krbPrincipalName: alice/admin@DOMAIN.COM

Achieved
1. I have complied smbkrb5passwd module to sync user and its password from ldap to kerberos. Here uid is creating as principal in kerberos.

Not working.

I have added user data like this
++++
dn: uid=wilf,ou=people,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: krbprincipalaux
objectClass: krbTicketPolicyAux
uid: wilf
cn: wilf/admin
sn: Fernandz
loginShell: /bin/bash
uidNumber: 10003
gidNumber: 10003
homeDirectory: /home/wilf
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
shadowLastChange: 0
krbPrincipalAliases: wilf/admin@DOMAINCOM
krbPrincipalName: wilf/admin@DOMAIN.COM
++++

But in kerberos, the principal creating as wilf@DOMAIN.COM but krbPrincipalAliases not creating as prinicipal.

Even I tried creating this user wilf/admin@DOMAINCOM in kerberos manually and tried changing password for uid wilf but alias and uid is not mapped so it is not updating.

How can we achieve adding multiple principal alias for the same userobject. ?. I dont want to add multiple user and manage inldap.

I am kind of blocked here. Please help me.

"Wish not to seem, but to be, the best." -- Aeschylus

devel / comp.protocols.kerberos / krbPrincipalName not creating principal in kerberos

devel / comp.protocols.kerberos / krbPrincipalName not creating principal in kerberos

Subject	Author
krbPrincipalName not creating principal in kerberos	keerthi krishnan