Re: SASL/GSSAPI with multiple Kerberos realms?
On Friday, February 21, 2003, at 12:15 PM, Stephen Frost wrote:
> If you can't do cross-realm trust then the person in realm B isn't going
> to be able to get an ldap/<ldap server>@A ticket to talk to the ldap
> server with... If you do set up a cross-realm TGT so that the person in
> realm B can get that ldap/<ldap server>@A ticket then, using OpenLDAP
> 2.1.12, they should show up in LDAP as:
>
> dn:uid=person,cn=B,cn=gssapi,cn=auth

Thanks. I forgot to mention that we're still on 2.0.27 but I assume
that the dn will just be in that format then (e.g. uid=person+REALM=B).
I will present this to our Kerberos admins and see what they say.
Allan
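
Added example, not part of the original messages and not OpenLDAP code: a Python model of ordered, first-match DN mapping rules (in the style of slapd's sasl-regexp directive) applied to the authentication DN form quoted above, showing why a rule must match the cn=<realm> component once a second realm is trusted. The rule sets, directory suffixes and helper names are constructed for illustration, and it assumes every principal, in realm A as well as B, takes the quoted DN form.

```python
import re

# Constructed rule sets: (match pattern, replacement with $1). First match wins.
# LOOSE ignores the realm component; STRICT names each trusted realm explicitly.
LOOSE_RULES = [
    (r"uid=([^,]+),.*cn=gssapi,cn=auth", "uid=$1,ou=people,dc=a,dc=example"),
]
STRICT_RULES = [
    (r"uid=([^,]+),cn=A,cn=gssapi,cn=auth", "uid=$1,ou=people,dc=a,dc=example"),
    (r"uid=([^,]+),cn=B,cn=gssapi,cn=auth", "uid=$1,ou=partners,dc=a,dc=example"),
]


def principal_to_auth_dn(principal):
    """Build the DN form quoted in the thread from a user@REALM principal."""
    user, sep, realm = principal.rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("expected user@REALM")
    return f"uid={user},cn={realm},cn=gssapi,cn=auth"


def map_dn(auth_dn, rules):
    """Return the directory DN chosen by the first matching rule, else None."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, auth_dn, re.IGNORECASE)
        if m:
            # Substitute $N with the Nth captured group of the match.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None


def collisions(principals, rules):
    """Mapped DNs that more than one distinct principal resolves to."""
    seen = {}
    for p in principals:
        dn = map_dn(principal_to_auth_dn(p), rules)
        if dn is not None:
            seen.setdefault(dn, []).append(p)
    return {dn: ps for dn, ps in seen.items() if len(ps) > 1}


if __name__ == "__main__":
    users = ["person@A", "person@B"]  # constructed sample principals
    print("loose :", collisions(users, LOOSE_RULES))
    print("strict:", collisions(users, STRICT_RULES))
```

With the loose rule, person@A and person@B resolve to the same entry; with the realm-specific rules they stay distinct, and a principal from a realm with no rule is left unmapped.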