[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Secure replication, using KerberosV keytab (or SASL?)

To: openldap-software@OpenLDAP.org
Subject: Re: Secure replication, using KerberosV keytab (or SASL?)
From: GOMBAS Gabor <gombasg@inf.elte.hu>
Date: Tue, 20 Mar 2001 12:18:09 +0100
Content-disposition: inline
In-reply-to: <87zoehlb2k.fsf@papadoc.bayour.com>; from turbo@bayour.com on Mon, Mar 19, 2001 at 10:10:11PM +0100
References: <87zoehlb2k.fsf@papadoc.bayour.com>

On Mon, Mar 19, 2001 at 10:10:11PM +0100, Turbo Fredriksson wrote:

> I'm currently working on getting secure replication, using TLS/SSL
> and SASL/KerberosV to work... Using my knowledge from OpenLDAP1, I
> did this on the master server:
> 
> ----- s n i p -----
> replica         host=localhost:3391
>                 tls=yes
>                 bindmethod=kerberos
>                 srvtab=/etc/ldap/slurpd.keytab

You said you want KerberosV; "bindmethod=kerberos" and "srvtab" are
Kerberos 4 things.

> But if I'm using 'bindmethod=sasl', then I can't use a keytab...?

I'm running kinit from cron to maintain a credential cache file. I
think the GSSAPI library in Heimdal-0.3e can use a keytab directly, but
I'm still using Heimdal-0.3d.

Gabor

-- 
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary

Follow-Ups:
- Re: Secure replication, using KerberosV keytab (or SASL?)
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- Secure replication, using KerberosV keytab (or SASL?)
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: SASL??
Next by Date: RE: SASL??
Index(es):
- Chronological
- Thread