Heimdal Kerberos, SASL & NTLM

Joris Dobbelsteen Joris at familiedobbelsteen.nl
Wed Feb 13 22:43:22 UTC 2008


 I'm in the progress of installing a centralized authentication system.
At this point I have a Heimdal kerberos server with an OpenLDAP backend.
However I seem to have quite a few things that are puzzling me at the
moment and hopefully someone with more experience can guide me. I have
quite a few questions that I can't find any good answers to on the

 How do I configure SASL? Are there any readable guides?
 The provided documentation (e.g. "Cyrus SASL for System
Administrators") is rather unclear to me. What I did find pointed to the
SASL documentation or glances over it, providing obscure hints about the
configuration. Also the interaction between all components is quite
 I do have some points working, like GSSAPI on OpenLDAP.

 Another problem I have is connecting my Windows desktop (non-domain).
When utilizing GSSAPI it attempts to use NTLM. Does anyone have
documentation on how to get NTLM with Heimdal to work? Heimdal includes
the arcfour-hmac-md5 key (which is supposed to be compatible with NTLM
ways of encrypting the password).
 Is samba involved, and how? I couldn't get that from their
documentation or get how Heimdal and samba would interoperate (via

 Finally, is there any good documentation for Heimdal about setting up a
one-directional trust from heimdal to Active Directory?


- Joris

More information about the ubuntu-users mailing list