[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Use GSSAPI Mechanism to authenticate against openldap server

To: openldap-software@OpenLDAP.org
Subject: Re: Use GSSAPI Mechanism to authenticate against openldap server
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Tue, 23 Nov 2004 08:27:29 +0100
In-reply-to: <41A251EA.18632.3DCFCE@localhost> (S. B.'s message of "Mon, 22 Nov 2004 20:54:02 +0100")
References: <41A251EA.18632.3DCFCE@localhost>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

"S.B." <Seb.ADIO@gmx.de> writes:

> Hello list,
>
> I'm trying to authenticate with the GSSAPI mechanism to the Openldap-Server. The 
> command ldapsearch -Y GSSAPI works find. But if I want to use it in my login process 
> with the following files: /etc/openldap/ldap.conf and /etc/ldap.conf than the Client makes
> an anaonymous bind to the Openldap-Server.

Actually, this is a PAM related question, the answer would be pam_krb5

> But I can still make a simple bind with the -x option. 
> I search a solution for allowing only GSSAPI binds from the Client to the Server with a 
> TLS connection. (TLS is not the problem; it works but it is actually not activated in the 
> config file!)

Manual page slapd.conf(5), security <factors>, for example
security ssf=56 sasl=56

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53

Follow-Ups:
- Re: Use GSSAPI Mechanism to authenticate against openldap server
  - From: "S.B." <Seb.ADIO@gmx.de>

References:
- Use GSSAPI Mechanism to authenticate against openldap server
  - From: "S.B." <Seb.ADIO@gmx.de>

Prev by Date: Re: OpenLDAP 2.2 and BDB not listening...
Next by Date: Re: getting Friendly country to work in a very simple setup
Index(es):
- Chronological
- Thread