[Date Prev][Date Next] [Chronological] [Thread] [Top]

require authc and SASL GSSAPI



Dear list,

I use Kerberos/GSSAPI for authentication, and I recently locked down my
ldap servers with "require authc". With Kerberos tickets, I used to be
able to just enter

ldapsearch

on the command line. Now I have to do

ldapsearch -Y GSSAPI

I assume this is because ldapsearch has to do a nonauthenticated bind to
find out about the SASL auth mechanisms (by looking for
supportedSASLMechanisms), and that fails now. So it would be great if I
had a way of setting the default SASL auth mechanism on a machine for
all users. However,

man ldap.conf

tells me that the setting for SASL_MECH is a per user setting only. Is
there any other way to achieve this, or am I doing the wrong thing by
requiring authc? Thanks,

Christian