[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl issues using GSSAPI mech (ITS#2712)

To: openldap-its@OpenLDAP.org
Subject: syncrepl issues using GSSAPI mech (ITS#2712)
From: quanah@stanford.edu
Date: Wed, 10 Sep 2003 23:56:18 GMT

Full_Name: Quanah Gibson-Mount
Version: 2.2 HEAD 09/09/03
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.19.82)


Hello,

Although I find the idea of the new syncrepl process appealing, I have stumbled
across an issue when using GSSAPI

There is no syntax, when using GSSAPI as my mech, for signifying what keytab
and/or ticket that the new replication process should use.  We use a specific
service keytab for this purpose (service/ldap@stanford.edu).  If I cannot
indicate a ticket to use (like I currently do for slurpd via the KRB5CCNAME
environment variable), then OpenLDAP needs to be able to take a keytab, get a
ticket, use that ticket, and make sure it doesn't expire.  I suggest the former,
it is simpler.

--Quanah

Prev by Date: krb5-kdc.schema (ITS#2711)
Next by Date: syncrepl catchup (ITS#2713)
Index(es):
- Chronological
- Thread