LDAPv3+SASL+KrbV5+SSL/TLS
Hello,
After successfully getting LDAPv3+SASL+KrbV5+SSL/TLS to work using the
fine HOWTO on www.bayour.com, I tried to make things a bit worse.
I authenticate some users against realm_1 and some users against realm_2,
whereas realm_1 is the default realm, running on the same machine
on MIT Kerberos, and realm_2 is an Active Directory.
I observed that, depending on the settings in the "domain_realm" section of
krb5.conf, one or the other realm may authenticate.
I am simplifying the symptoms a bit ... the behaviour is quite strange.
I found an old message on this mailing list describing a problem that could
be related. http://www.openldap.org/lists/openldap-bugs/200201/msg00032.html
I think the realm is not initialised according to the
{KERBEROS}principal@<MY-REALM> in the user's password.
In the latest version of OpenLDAP I still could not spot any call to the
routine "krb5_set_principal_realm(context,client,<MY-REALM>)" as suggested
in the message of January '01.
Any ideas how I could make this work perfectly? It works partially,
depending on the "domain_realm" settings.
Regards,
Claus
P.S.: Sorry for my poor English and these somewhat confused explanations :-)