[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: only Kerberos authentication



<tandersson@nostalgie.fr> writes:

> Hi everybody,
>
> Ijust installed an Openldap directory and configured
> it to authenticate against Kerberos 5.
>
> Everythings are working fine - except that actually,
> users can both authenticate with Kerberos or LDAP -
> but I just want kerberos authentication.(so I don't
> have to maintain 2 passwords database)
>
> I think that I've forgot something in my slapd.conf
> to allow only gssapi binds to the directory.
>
> I have seen with a graphical tool that i can choose a
> password method for my users like clear crypt
> sha...but not sasl.
>
> How can I set only gssapi authentication for Openldap

Don't allow any userPassword attribute and set appropriate security
strength factor (ssf) rules, see man slapd.access(5).  GSSAPI by the way has
a sasl ssf 56.

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de