[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: require authc and SASL GSSAPI



Christian wrote:
> I use Kerberos/GSSAPI for authentication, and I recently locked down my
> ldap servers with "require authc". With Kerberos tickets, I used to be
> able to just enter
> 
> ldapsearch
> 
> on the command line. Now I have to do
> 
> ldapsearch -Y GSSAPI

Why don't you simply put this line in your ldap.conf?

SASL_MECH GSSAPI

> I assume this is because ldapsearch has to do a nonauthenticated bind to
> find out about the SASL auth mechanisms (by looking for
> supportedSASLMechanisms),

Nope. The command-line tools do not behave like this.

> man ldap.conf
> 
> tells me that the setting for SASL_MECH is a per user setting only. Is
> there any other way to achieve this, or am I doing the wrong thing by
> requiring authc?

I'm pretty sure there's a system-wide ldap.conf file installed on your system.

Ciao, Michael.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature