[Date Prev][Date Next] [Chronological] [Thread] [Top]

re: separate keytab files

To: openldap-software@OpenLDAP.org, gauravsharma0@gmail.com
Subject: re: separate keytab files
From: ms419@freezone.co.uk
Date: Tue, 5 Apr 2005 15:19:16 -0700

As Kurt pointed out, this issue concerns the SASL library - not OpenLDAP itself -

However, according to Options for Cyrus SASL - http://asg.web.cmu.edu/cyrus/download/sasl/options.html - one should be able to specify the keytab's location using the SASL "keytab:" option.

Unfortunately, it's been my experience that the "keytab:" option is as yet unimplemented : (

This from the SASL 2.1.19 doc/TODO -


	[...]
	GSSAPI
	~~~~~~
	) Allow specification of alternate keytab file
	[...]

Apparently a couple folks have recently resumed work on this option - http://thread.gmane.org/gmane.comp.security.cyrus.sasl/4003

Meanwhile, as Donn suggests, I add -


	export KRB5_KTNAME=/etc/ldap/krb5.keytab

- to my Debian /etc/default/slapd init configuration file. PS - watch out for apps which don't import all environment variables (eg. Postfix)

Regards,

Jack

Prev by Date: Re: Setting up a Proxy Cache
Next by Date: Txn_checkpoint and Malloc
Index(es):
- Chronological
- Thread