separate keytab files
- To: OpenLDAP-software@OpenLDAP.org
- Subject: separate keytab files
- From: Gaurav Sharma <gauravsharma0@gmail.com>
- Date: Mon, 4 Apr 2005 11:02:12 -0500
Is there a way to run MIT Kerberos v5 1.3.x and OpenLDAP 2.2.x using
cyrus-sasl without setting the KRB5_KTNAME environment variable?
The reason I want to do this is because I have other kerberized
applications running whose authentication fails if I set
KRB5_KTNAME=/xxx/ldap.keytab (which contains the LDAP service
principal), for GSSAPI auth. I don't want LDAP to have access to the
/etc/krb5.keytab file.
I have tried setting default_keytab-name=/etc/krb5.keytab in the
[libdefaults] section of my krb5.conf file and then setting
KRB5_KTNAME=/xxx/ldap.keytab without any success.
Please help.
Thanks.
GS