[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How does Openldap work with Cyrus SASL and MIT Kerberos V

To: openldap-technical@openldap.org
Subject: Re: How does Openldap work with Cyrus SASL and MIT Kerberos V
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Tue, 01 Jul 2008 08:40:57 +0200
In-reply-to: <cb25fa940806301841y330a5226t16a67959b11951dc@mail.gmail.com> (Le Trung Kien's message of "Tue, 1 Jul 2008 08:41:04 +0700")
References: <cb25fa940806291948n468d9537sca97ca93d74159d3@mail.gmail.com> <1214823098.9753.4.camel@precision.lan.streamline-computing.com> <cb25fa940806301841y330a5226t16a67959b11951dc@mail.gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

"Le Trung Kien" <aloneattack@gmail.com> writes:

> As you know, on each client machine, I type "setup" and go in "Authentication
> Configuration" then fill up information about kerberos and ldap server.
> And so, my users could login our Kerberos&LDAP system.
>
> after login, users must get ticket to use ldap services by emit command :
> "kinit" then type their kerberos password. After get their tickets, they can
> use ldap services.
> I have tested this with "ldapwhoami" and get the proper user information
> (which belongs to ldap).
> And I have only password on Kerberos for each user.
> If I were wrong, please show me :)
> Could you explain to me how SASL gets involved in this ?

It is the SASL Mechanism GSSAPI that comes into the game. Your users
may connect to any network  oriented service  like smtp, imap, ldap by
calling the GSSAPI mechanism.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

References:
- Re: How does Openldap work with Cyrus SASL and MIT Kerberos V
  - From: "Le Trung Kien" <aloneattack@gmail.com>

Prev by Date: openldap
Next by Date: Re: me
Index(es):
- Chronological
- Thread