slapd with Kerberos and multihomed host
- To: "OpenLDAP Software Mailinglist (E-Mail)" <openldap-software@openldap.org>
 
- Subject: slapd with Kerberos and multihomed host
 
- From: "JUNG, Christian" <christian.jung@saarstahl.com>
 
- Date: Fri, 22 Aug 2008 10:12:46 +0200
 
Hi,
Is there a possibility to configure slapd on a multihomed host to authenticate on the different interfaces with different Kerberos principals?
Example:
	one host running Linux with two NICs (eth0, eth1) and slapd
	eth0: IP 10.0.0.23, hostname ldap.sn-1.example.com
	eth1: IP 10.1.0.42, hostname ldap.sn-2.example.com
A client which connects via hostname ldap.sn-1.example.com would request a ticket for the principal ldap/ldap.sn-1.example.com@EXAMPLE.COM and one connecting via ldap.sn-2.example.com would request a ticket for ldap/ldap.sn-2.example.com@EXAMPLE.COM. 
Does it suffice to store both keys in the keytab to enable slapd to authenticate for both principals, i.e. does it pick the right key?
Which hostname should I define as sasl-host when using SASL to enable plain-text authentication over an SSL-secured connection, or is it possible to set multiple sasl-hosts?
bye
Chris
-- 
phone: +49 6898/10-4987
web  : www.saarstahl.de
mail : Hofstattstraße 106a
       D 66333 Voelklingen
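
The setup in the message depends on the keytab holding a key for every principal that clients derive from the hostname they connect to. As an added example (not part of the original post and not OpenLDAP code), this Python check lists the principals in a keytab and reports which of the expected ones are absent. It assumes the MIT keytab file format version 0x0502; the function names and the sample keytab bytes, built with an all-zero key, are constructed for illustration.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_principals(data):
    """Return the set of principal names stored in a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, off = set(), 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                 # negative size marks a deleted entry
            off += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        names.add("/".join(comps) + "@" + realm)
        off += size                   # skip name type, timestamp, kvno, key
    return names

def missing_principals(data, hostnames, service="ldap", realm="EXAMPLE.COM"):
    """Principals a client would request for each hostname but the keytab lacks."""
    have = keytab_principals(data)
    wanted = [f"{service}/{h}@{realm}" for h in hostnames]
    return [w for w in wanted if w not in have]

def sample_entry(principal, kvno=1):
    """Build one keytab entry with an all-zero key (constructed sample data)."""
    name, realm = principal.split("@")
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, 18, 32) + bytes(32)
    return struct.pack(">i", len(body)) + body

# Constructed keytab holding only the sn-1 principal from the example above.
SAMPLE = b"\x05\x02" + sample_entry("ldap/ldap.sn-1.example.com@EXAMPLE.COM")
HOSTS = ["ldap.sn-1.example.com", "ldap.sn-2.example.com"]

if __name__ == "__main__":
    print(missing_principals(SAMPLE, HOSTS))
```

An empty result only shows that a key for each name is present in the file; it says nothing about which key slapd selects at authentication time.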