On Thu, 2004-08-05 at 12:03, Quanah Gibson-Mount wrote:
> --On Thursday, August 05, 2004 11:34 AM -0400 "Matthew J. Smith"
> <matt.smith@uconn.edu> wrote:
>
> > Hello-
> >
> > I have searched the archives and Google with little luck, although
> > maybe I just haven't used the right keywords yet. I am looking to
> > perform replication via syncrepl, using GSSAPI for authentication. I
> > have GSSAPI working for user authentication already.
> >
> > With syncrepl, how do I get my consumer to obtain a ticket, using its
> > keytab (default /etc/krb5.keytab for now, although I'd like to move
> > that), so that it can attach to my provider?
> >
> > I am considering a cron job on the consumer that issues a "kinit
> > --keytab=..." every so often, but that seems inelegant.
> >
> > Is there a way to get the syncrepl process to obtain its own ticket
> > using the keytab? I see a credentials=<password> option in the syncrepl
> > config -- is there a similar (undocumented?) keytab=<keytabfile>
> > option?
> >
> > Any help is appreciated!
>
> I've been testing syncRepl with GSSAPI.
>
> I suggest you use the k5start utility:
>
> <http://www.eyrie.org/~eagle/software/kstart/>
>
> and combine that with svcscan to create a process that will continually
> keep a ticket alive for you.
>
> Then simply set the KRB5CCNAME environment variable in the startup script
> for SLAPD.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Thank you for the response. Google did bring me across k5start, and I
am contemplating its use. I was hoping that slapd could do this without
needing any extra utilities, simply obtaining and refreshing the ticket
as part of the syncrepl process.

I may use k5start (or even just a cron'd kinit). But first, can anyone
definitively tell me whether slapd does or will ever directly support
this functionality?

-Matt

--
Matthew J. Smith <matt.smith@uconn.edu>
University of Connecticut ITS
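
The arrangement suggested in the quoted reply (k5start kept running under a supervisor, KRB5CCNAME set in slapd's startup script), as an added example that is not part of the original thread. The helper names, the paths and principal passed in, and the keytab permission check are assumptions; both services are assumed to run as the same account.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names, paths and the principal
# passed in are assumptions; both services must run as the same account.

# keytab_private FILE: succeed only if FILE has no group/other permission bits.
keytab_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# write_k5start_run DIR KEYTAB PRINCIPAL CCACHE
# Writes DIR/run, a supervisor run script that keeps CCACHE populated.
write_k5start_run() {
    dir=$1 keytab=$2 principal=$3 ccache=$4
    keytab_private "$keytab" || {
        echo "refusing: $keytab is missing or group/world accessible" >&2
        return 1
    }
    mkdir -p "$dir" || return 1
    cat > "$dir/run" <<EOF
#!/bin/sh
# Keep the ticket cache private to the service account.
umask 077
# -f keytab, -u client principal, -k ticket cache;
# -K 10 stays running and re-checks the ticket every 10 minutes.
exec k5start -f "$keytab" -u "$principal" -k "$ccache" -K 10
EOF
    chmod 755 "$dir/run"
}

# write_slapd_run DIR CCACHE
# Writes DIR/run, which starts slapd with KRB5CCNAME pointing at CCACHE.
write_slapd_run() {
    dir=$1 ccache=$2
    mkdir -p "$dir" || return 1
    cat > "$dir/run" <<EOF
#!/bin/sh
# The syncrepl consumer's GSSAPI bind reads the cache k5start maintains.
KRB5CCNAME=FILE:$ccache
export KRB5CCNAME
# -d 0 keeps slapd in the foreground; add site-specific options here.
exec slapd -d 0
EOF
    chmod 755 "$dir/run"
}
```

Call both functions with the same cache path, then point the supervisor at the two generated directories.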