[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Heimdal-Kerberos service



At 09:35 AM 2/16/2006, gilles@ffii.org wrote:
>1. Why is the "ldap" part in the principal name
>     ldap/db.harfang.homelinux.org@HARFANG.HOMELINUX.ORG
>   hard-coded? [I had tried with another "prefix", and being stuck
>   until told, on the "cyrus-sasl" ML, that I couldn't.]

LDAP service principals, per the LDAP technical specification,
use "ldap" as the service name.

As to why an LDAP service principal must be used, well, I
suggest you read up on Kerberos.  As this is not an OpenLDAP
specific topic, I won't elaborate on it further here.

The remainder of your post is likewise not OpenLDAP specific.
OpenLDAP Software is not involved in management of Kerberos
keytabs and the like.  That's left to underlying software
packages.

Kurth