[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI





--On Saturday, March 06, 2004 3:35 PM +0100 Dieter Kluenter <dieter@dkluenter.de> wrote:

Kevin <openldap@gnosys.biz> writes:

Hi All-

I'm trying to integrate the subject software and having difficulty
with the part that seems most mysterious to me:
getting slapd to say, "Oh, a user is trying to do initial kerberos
authentication through me...
[...]
For any of you that might already be doing this, how do you establish
the connection between LDAP and the authentication server?

Kevin,

I'll also note that on the server side of things, you'll either have to find patches against MIT Krb5 to make it thread safe (someone on this list has them), or compile slapd against Heimdal 0.6 Krb5 (which is what I do). Otherwise your server will be subject to lockups & other issues. It is fine to use MIT KRB5 in non-threaded clients.

--Quanah


-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html