On 01/07/10 00:18 +0200, Michael Ströder wrote:
Dan White wrote:On 30/06/10 18:43 +0200, Michael Ströder wrote:He would also have to specify -Y GSSAPI. And off course slapd has to be kerberized first to make this work.Presumably he is doing plaintext authentication to slapd rather than gssapi, and having saslauthd validate the username and password against a kerberos5 server.Why do you think so? Diego mentioned kinit and klist in the original posting: http://www.openldap.org/lists/openldap-technical/201006/msg00301.html Therefore I presume he wants to use SASL/GSSAPI. But only he can tell us what he really wants to achieve.
It's clear what his intentions where from this snippet, from the original post:
Which means he was successful in configuring saslauthd to use the kerberos5I've also set up SASL to use the kerberos5 auth mechanism and it seems to work: root@filesystem:~# testsaslauthd -u diego.lima@USERS -p 123456 0: OK "Success."
authmech (see the manual page). His problem is not with any kerberos5 configuration, but rather a usage question in how to use the ldap client utilities and how to configure his user entries to support SASL. -- Dan White