[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL/GSSAPI with multiple Kerberos realms?

To: Stephen Frost <sfrost@snowman.net>
Subject: Re: SASL/GSSAPI with multiple Kerberos realms?
From: Allan Streib <astreib@indiana.edu>
Date: Fri, 21 Feb 2003 12:52:37 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20030221171543.GD18261@ns.snowman.net>


On Friday, February 21, 2003, at 12:15 PM, Stephen Frost wrote:

If you can't do cross-realm trust then the person in realm B isn't going to be able to get an ldap/<ldap server>@A ticket to talk to the ldap server with... If you do set up a cross-realm TGT so that the person in realm B can get that ldap/<ldap server>@A ticket then, using OpenLDAP 2.1.12, they should show up in LDAP as: dn:uid=person,cn=B,cn=gssapi,cn=auth

Thanks. I forgot to mention that we're still on 2.0.27 but I assume that the dn will just be in that format then (e.g. uid=person+REALM=B). I will present this to our Kerberos admins and see what they say.

Allan

References:
- Re: SASL/GSSAPI with multiple Kerberos realms?
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: Re: LDAP + Apache + Error validating users
Next by Date: Re: sample ldifs & sample slapd.conf
Index(es):
- Chronological
- Thread