Our RHEL servers are set up with LDAP and they work just fine. Users are able to log in using their credentials just fine.
There is one application that needs Kerberos. We are trying to get both LDAP and Kerberos to work but it simply does not work. Using authconfig-tui, the moment we select "kerberos" the authentication breaks and users are no longer able to log in.
Need to point out that our LDAP is configured to point to an Oracle product while Kerberos is configured on the AD.
Is this a supported combination?

souser

2 Answers

No, this can’t work. LDAP and Kerberos must work together. Use the AD LDAP.

Sven

The real question is: when you say that one of your applications requires Kerberos, what does that mean exactly? Does it "require" AD, or simply Kerberos?

You can perfectly well install/deploy Kerberos on Linux (using a different Kerberos realm than the AD one), and use it separately, or combine it with your LDAP (assuming that your LDAP supports it).

In my company, we use Sun DSEE7 along with MIT Kerberos for Solaris & Linux machines (Linux is using SSSD) for user authentication, service authentication, host authentication etc. and everything works like a charm (including some applications requiring Kerberos, some services requiring keytabs etc.).

AD also has its internal Kerberos, with some applications using it in parallel, mainly Windows apps.

I think we need a bit more detail about your installation to help you.

olivierg
  • Linux uses sssd which uses Oracle directory for providing Linux auth. This one application however uses only Kerberos. For this one app, we need to configure Kerberos authentication via Windows AD on the few Linux servers that host this application. Of course, on these few Linux servers, Linux auth should continue to work via Oracle directory. Effectively we need both Linux auth to work via sssd -> Oracle directory and Kerberos auth for this application. – souser Apr 06 '19 at 21:00
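
The separation described in the second answer and its comment, sketched as an added example that is not part of the original thread: SSSD keeps handling logins against the LDAP directory, while the Kerberos client library is pointed at the AD realm for the application only. All host names, the realm, the search base and the domain name `oracle_ldap` are constructed placeholders, and it assumes the application reads `/etc/krb5.conf` itself rather than going through PAM.

```ini
# ---- /etc/sssd/sssd.conf (system logins, unchanged) ----
[sssd]
services = nss, pam
domains = oracle_ldap            # placeholder domain name

[domain/oracle_ldap]
# Identity and authentication both stay on the LDAP directory.
# auth_provider = ldap verifies passwords with an LDAP bind; no KDC is contacted.
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.internal          # placeholder host
ldap_search_base = dc=example,dc=internal         # placeholder base DN

# ---- /etc/krb5.conf (used by the Kerberos-only application) ----
[libdefaults]
default_realm = AD.EXAMPLE.INTERNAL               # placeholder AD realm
dns_lookup_kdc = true
rdns = false

[realms]
AD.EXAMPLE.INTERNAL = {
    kdc = dc1.ad.example.internal                 # placeholder domain controller
}

[domain_realm]
.ad.example.internal = AD.EXAMPLE.INTERNAL
```

To confirm the login path was left alone, check that `auth_provider` in `sssd.conf` is still `ldap` and that the PAM stack under `/etc/pam.d/` still references only `pam_sss.so` for authentication.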