
Re: Enable SASL and GSSAPI authentication




On 22/12/2010, at 20:30, Jörg Herzinger wrote:

> Hi, I've been running openLDAP with GSSAPI authentication for quite a while now and everything has been running quite fine. The last few days I tried enabling SASL password auth as described in [1].
> Now password authentication works fine, but it seems that GSS somehow has been disabled:
> 
> root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
> dn:
> 
> While without SASL enabled I get:
> 
> root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
> 
> Is it possible to enable both GSS and SASL pass-through auth? I checked the documentation and couldn't find a clue whether it is or not.

It is. I do it. Just follow both setups and they don't interfere with each other.

To clarify, this means SASL passthrough (aka userPassword: {SASL}user@realm) and GSSAPI are what you want, correct?

> 
> openLDAP version is 2.4.11 on Debian Lenny, Kerberos is MIT version 1.6 also on Lenny. Slapd config can be found here [2]
> 
> tia,
>    Jörg Herzinger
> 
> [1] http://www.openldap.org/doc/admin24/security.html#Pass-Through authentication
> [2] https://github.com/joerg/global2000-puppet/blob/master/modules/ldapserver/templates/etc-ldap-slapd.conf.erb

William Brown

pgp.mit.edu


