[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: only Kerberos authentication

To: Sensei <senseiwa@tin.it>, tandersson@nostalgie.fr
Subject: Re: only Kerberos authentication
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 28 Jul 2004 08:46:40 -0700
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
Content-disposition: inline
In-reply-to: <1091026012.6318.17.camel@quantum.dia.uniroma3.it>
References: <200407281023.1d5d@th00.idoo.com> <1091026012.6318.17.camel@quantum.dia.uniroma3.it>

--On Wednesday, July 28, 2004 4:46 PM +0200 Sensei <senseiwa@tin.it> wrote:

On Wed, 2004-07-28 at 12:23, tandersson@nostalgie.fr wrote:

How can I set only gssapi authentication for Openldap?


After the database:

sasl-host your.host.name
sasl-realm YOUR.REALM
sasl-secprops none
srvtab /etc/ldap/ldap.keytab

If you use ldap 2.2 and above, you can use regexp for username matching
with k5 principal, otherwise, if you use openldap from debian stable (as
I do), your suffix/basedn MUST be empty.


Actually, you could do that in 2.1, too...

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: only Kerberos authentication
  - From: Sensei <senseiwa@tin.it>

References:
- only Kerberos authentication
  - From: <tandersson@nostalgie.fr>
- Re: only Kerberos authentication
  - From: Sensei <senseiwa@tin.it>

Prev by Date: Re: only Kerberos authentication
Next by Date: Re: only Kerberos authentication
Index(es):
- Chronological
- Thread