Re: slapd with Kerberos and multihomed host
"JUNG, Christian" <christian.jung@saarstahl.com> writes:
> Hi,
>
> is there a possibility to configure slapd on a multihomed host to
> authenticate on the different interfaces with different Kerberos
> principals?
>
> Example:
> one host running linux with two NICs (eth0, eth1) and slapd
> eth0: IP 10.0.0.23, hostname ldap.sn-1.example.com
> eth1: IP 10.1.0.42, hostname ldap.sn-2.example.com
>
> A client which connects via hostname ldap.sn-1.example.com would
> request a ticket for the principal
> ldap/ldap.sn-1.example.com@EXAMPLE.COM and one connecting via
> ldap.sn-2.example.com would request a ticket for
> ldap/ldap.sn-2.example.com@EXAMPLE.COM.

You may run 2 different instances of slapd, the second instance as
proxy.

> Does it suffice to store both keys in the keytab to enable slapd to
> authenticate for both principals, i.e. does it pick the right key?

Yes, if your system is set up accordingly.

> Which hostname should I define as sasl-host when using SASL to enable
> plain-text authentication over an SSL-secured connection or is it
> possible to set multiple sasl-hosts?

By default, slapd uses the hostname (gethostbyname(3)) as the SASL host.

-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6