[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ldap kerberos ticket - GSSAPI

To: pkoelle@gmail.com
Subject: Re: Ldap kerberos ticket - GSSAPI
From: "Manel Euro" <euro_32@hotmail.com>
Date: Wed, 30 Mar 2005 11:01:17 +0000
Cc: openldap-software@OpenLDAP.org
In-reply-to: <424A713D.6070204@subsignal.org>

From: pkoelle <pkoelle@gmail.com>
To: Manel Euro <euro_32@hotmail.com>
CC: openldap-software@OpenLDAP.org
Subject: Re: Ldap kerberos ticket - GSSAPI
Date: Wed, 30 Mar 2005 11:28:29 +0200
Manel Euro wrote:
1st- SASL/gssapi 2nd- pass throught authentication - userPASSWORD: {sasl}user@REALM-COM and saslauthd

I am using the first one. So, in this method when the kerberos ticket is presented to the slapd, slapd maps this kerberos principal to the *corresponding* directory DN. On this case, the principal testePac@EXAMPLE.NET does not have an entry on the directory. Therefore, according to what I have understood, this user shout not get a Kerberos TGS to LDAP.
No, the KDC issuing tickets has no idea about what's in your directory. Kerberos is just a means to prove identity to the DSA, not authorization.


Thank you all for your answers.

_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Prev by Date: about dns-ldap
Next by Date: Re: Ldap kerberos ticket - GSSAPI
Index(es):
- Chronological
- Thread