[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI, multiple aliases

To: matt.smith@uconn.edu
Subject: Re: GSSAPI, multiple aliases
From: Howard Chu <hyc@symas.com>
Date: Thu, 23 Sep 2004 05:58:25 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1095941946.4821.1.camel@d80h243>
References: <1095700606.27010.91.camel@d80h243> <1095941946.4821.1.camel@d80h243>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a2) Gecko/20040714

Matthew J. Smith wrote:

To follow up on my earlier email, (and simplify my question), could someone tell me how OpenLDAP decides which princ to read from the keytab file, supplied via the KRB5_KTNAME variable? Does it look for:

*ldap/<HOSTNAME as defined in /etc/hostname> or, *ldap/<HOSTNAME being accessed by client>

OpenLDAP doesn't make any decision at all. By its nature, the internal workings of Kerberos are completely hidden behind the GSSAPI layer and OpenLDAP knows nothing about it. You should ask on a mailing list for your Kerberos implementation how a Kerberized server works; they all work the same (otherwise there would be no interoperability, would there...).

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: GSSAPI, multiple aliases
  - From: Luke Howard <lukeh@padl.com>

References:
- GSSAPI, multiple aliases
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>
- Re: GSSAPI, multiple aliases
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>

Prev by Date: Re: SLAP_INDEX_SUBSTR_ANY_LEN & co
Next by Date: Re: GSSAPI, multiple aliases
Index(es):
- Chronological
- Thread