--On Wednesday, July 28, 2004 4:46 PM +0200 Sensei <senseiwa@tin.it> wrote:
On Wed, 2004-07-28 at 12:23, tandersson@nostalgie.fr wrote:How can I set only gssapi authentication for Openldap?
After the database:
sasl-host your.host.name sasl-realm YOUR.REALM sasl-secprops none srvtab /etc/ldap/ldap.keytab
If you use ldap 2.2 and above, you can use regexp for username matching with k5 principal, otherwise, if you use openldap from debian stable (as I do), your suffix/basedn MUST be empty.
Actually, you could do that in 2.1, too...
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html