
LDAPv3+SASL+KrbV5+SSL/TLS



Hello,

After successfully getting LDAPv3+SASL+KrbV5+SSL/TLS to work from the
fine HOWTO on www.bayour.com, I tried to make things a bit worse.

I authenticate some users against realm_1 and some users against realm_2,
where realm_1 is the default realm, running on the same machine on MIT
Kerberos, and realm_2 is an Active Directory.

I observed that, depending on the settings in the "domain_realm" section of
krb5.conf, one or the other realm may authenticate.
I am simplifying the symptoms a bit ... the behaviour is quite strange.

I found an old message on this mailing list describing a problem that could
be related. http://www.openldap.org/lists/openldap-bugs/200201/msg00032.html

I think the realm is not initialised according to the
{KERBEROS}principal@<MY-REALM> in the user's password.
In the latest version of OpenLDAP I still could not spot any call to the
routine "krb5_set_principal_realm(context,client,<MY-REALM>)" as suggested
in the message of January '01.

Any ideas how I could make this work perfectly? At the moment it works
partially, depending on the "domain_realm" settings.

Regards,
Claus

P.S.: Sorry for my poor English and these somewhat confused explanations :-)
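
A diagnostic sketch for the symptom described in the message above, added here as an example and not code from the post or from OpenLDAP: it compares the realm stored in a `{KERBEROS}principal@REALM` value with the realm that `[domain_realm]` and `default_realm` in krb5.conf would select for a host, and flags entries where the two disagree. The realm names, host names and sample krb5.conf are constructed placeholders, the function names are hypothetical, and the host lookup is a simplified model of MIT krb5's `[domain_realm]` resolution (exact host, then parent domains with a leading dot, then the default realm).

```python
import re

# Constructed krb5.conf fragment; realm and host names are placeholders.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = REALM1.EXAMPLE

[domain_realm]
    .ad.example = REALM2.EXAMPLE
    ldap.example = REALM1.EXAMPLE
"""

def parse_krb5_conf(text):
    """Return {section: {key: value}} for simple 'key = value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return sections

def realm_for_host(conf, host):
    """Exact host first, then parent domains with a leading dot, then default_realm."""
    mapping = conf.get("domain_realm", {})
    cand = host.lower()
    while cand:
        if cand in mapping:
            return mapping[cand]
        dot = cand.find(".", 1)          # next parent domain, keeping its leading dot
        cand = cand[dot:] if dot != -1 else ""
    return conf.get("libdefaults", {}).get("default_realm")

def explicit_realm(user_password):
    """Realm named in a '{KERBEROS}principal@REALM' value, or None if absent."""
    m = re.fullmatch(r"\{KERBEROS\}([^@]+)@(.+)", user_password, re.IGNORECASE)
    return m.group(2) if m else None

def check_entry(conf, user_password, host):
    """Report the stored realm, the host-derived realm, and whether they differ."""
    stored = explicit_realm(user_password)
    derived = realm_for_host(conf, host)
    return {"stored": stored, "derived": derived,
            "mismatch": stored is not None and stored != derived}
```

A `mismatch` of `True` marks an entry whose stored realm would only be honoured if the server used the realm from the value itself rather than the one derived from krb5.conf.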