[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Introducing the slapd kinit module
- To: openldap-technical@openldap.org
- Subject: Introducing the slapd kinit module
- From: Ralf Haferkamp <rhafer@suse.de>
- Date: Tue, 26 Oct 2010 16:24:03 +0200
- User-agent: KMail/1.13.5 (Linux/2.6.34.7-0.4-desktop; KDE/4.5.2; x86_64; ; )
Hi,
a few days ago I committed the new kinit plugin to the CVS tree. It's
sole purpose is to have slapd request a Kerberos TGT and keep it renewed
as long as slapd is running. Especially useful e.g. if your syncrepl
consumer uses SASL/GSSAPI for authentication (basically all setups where
slapd also acts as an LDAP client can benefit from it). So there is no
need any longer to use any external tools (cron jobs, whatever) to keep
the TGT refreshed.
You can find the code in current CVS HEAD inside the
contrib/slapd-modules/kinit directory. For details on building the plugin
see the README file in the same directory. It should be possible to build
the plugin against recent OpenLDAP releases. Currently it only works with
the MIT variant of libkrb5, it shouldn't be too hard to add Heimdal
support though. I just didn't find time yet to look into that.
Feedback is appreciated. For bug reports please use the ITS.
--
regards,
Ralf
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)