[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: only Kerberos authentication





--On Wednesday, July 28, 2004 4:46 PM +0200 Sensei <senseiwa@tin.it> wrote:

On Wed, 2004-07-28 at 12:23, tandersson@nostalgie.fr wrote:
How can I set only gssapi authentication for Openldap?

After the database:

sasl-host your.host.name
sasl-realm YOUR.REALM
sasl-secprops none
srvtab /etc/ldap/ldap.keytab

If you use ldap 2.2 and above, you can use regexp for username matching
with k5 principal, otherwise, if you use openldap from debian stable (as
I do), your suffix/basedn MUST be empty.

Actually, you could do that in 2.1, too...

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html