[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Enable SASL and GSSAPI authentication
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 22/12/2010, at 20:30, Jörg Herzinger wrote:
> Hi, I've been running openLDAP with GSSAPI authentication for quite a while now and everything has been running quite fine. The last days I tried enabling SASL password auth as described in [1]
> Now password authentication works fine, but it seems that GSS somehow has been disabled:
>
> root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
> dn:
>
> While without SASL enabled I get:
>
> root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
>
> Is it possible to enable both, GSS and SASL pass through auth? I checked the dokumentation and couldn't find a clue if it is or not.
It is. I do it. Just follow both setups and they don't interfere with each other.
To clarify this means SASL passthrough (aka userPassword: {SASL}user@realm ) and GSSAPI you want, correct?
>
> openLDAP version is 2.4.11 on Debian Lenny, Kerberos is MIT version 1.6 also on Lenny. Slapd config can be found here [2]
>
> tia,
> Jörg Herzinger
>
> [1] http://www.openldap.org/doc/admin24/security.html#Pass-Through authentication
> [2] https://github.com/joerg/global2000-puppet/blob/master/modules/ldapserver/templates/etc-ldap-slapd.conf.erb
William Brown
pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQIcBAEBAgAGBQJNEelOAAoJEHF16AnLoz6JimQQALPM7eSwa/3EjsWO/tl8y9qH
9Hd41rAHMJcS9awn4ZUKapJfiIIWWrZJplUHqNLLnIO45abZfZdcfOxxZOpP1lNs
IIzBnjtV+AvrZ4X3K7D+JwDZnXuul2dmo5eCl0EeEzkwgz13+v4+z+6SLGWuP7G4
layzbTp0EdGKZP8jjx5Jc4S+8J9KmMPjoakZ4fDDA6GszVnPJyp5yDncS8H99i3K
nbYX5Y6CCdKvI2Tw76WwlqCl4OSOHKne1GlNp3pkyLKTwWY3flWnqtbNnPe0h0Of
o3oogemBtIXXyE7nUs1KCdATqjxxbKsefHTYa808NtcVuQ6DACf7Pnklj9SwNZRH
JzelbxBixKKm0A7fsaliLhuLTWMpLM4/GbJIR9J+acsEbpcYoypSXxWU8MVzjKXT
bm0XaB7gQIHwcNbzlvnkMe0RamLRQG2xAGuATPAuYFzqctojOdZPvwwMPBdiDrVV
/zs9cCuSkmDyQJTG187ERnsmLgerI+hYuG3zG7SJgNbHmgaQ3xmb4y3O21j+GMkK
/yCZVJHMWCCcCo6vKJMLRrorT3GQVBvS9Dz/LWzuq1MhT0Gn4q63w+U63wTwLSLP
BO2B9xUHuFi2sW0s2L6OGpoHBfCXy+iE3aolKik76Och2rE7QE90BajPaBUQ/bpl
LKbcnMEzVsLH9GoZUd02
=feNA
-----END PGP SIGNATURE-----