
Kerberos V support in OpenLDAP



I notice that OpenLDAP 1.1 will include Kerberos V support.

FYI, I took the DCE GSS-API patches for UMich (from Chris Mason at RIT, if I
remember the name correctly) and got it to compile with the Kerberos V
GSS-API. I lost the patches, unfortunately, but they might be floating
around somewhere.

The correct way (which might have to wait for OpenLDAP 2.0) will be to
implement the GSS-API SASL mechanism. We've done this for Netscape's
Directory Server, and it's fairly trivial (assuming you have a generalized
means of supporting additional SASL mechanisms).

The issues that needed clarification were the GSS-API service name for LDAP
(the consensus is apparently "ldap") and the means of mapping authentication
identities (i.e. Kerberos principals) into directory entries (at the moment,
we're using the UMich kerberosSecurityObject auxiliary class).



-- Luke
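
The following is an added example, not part of the original message and not OpenLDAP or Netscape code. It sketches the two points the message raises: the host-based GSS-API service name for LDAP, and mapping an authenticated Kerberos principal to exactly one directory entry. Assumptions: the principal is stored in a krbName attribute on kerberosSecurityObject entries, the directory is a constructed in-memory dict, and all function names are hypothetical.

```python
# Added example: map a Kerberos principal to a single directory entry.
# Assumption: entries of class kerberosSecurityObject hold the principal
# in an attribute named krbName. The directory below is constructed data.

# RFC 4515 escapes for characters that are special in a search filter.
FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28",
                   ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape an assertion value so it cannot alter the filter structure."""
    return "".join(FILTER_SPECIALS.get(ch, ch) for ch in value)

def gss_service_name(host, service="ldap"):
    """Host-based GSS-API service name, using the "ldap" service name."""
    return "%s@%s" % (service, host)

def principal_filter(principal):
    """Build the search filter for a principal of the form name@REALM.
    Principals containing an escaped '@' in the name are rejected here."""
    name, sep, realm = principal.partition("@")
    if not (name and sep and realm) or "@" in realm:
        raise ValueError("expected name@REALM")
    return ("(&(objectClass=kerberosSecurityObject)(krbName=%s))"
            % escape_filter_value(principal))

def map_principal(entries, principal):
    """Return the DN bound to the principal; refuse zero or several matches."""
    principal_filter(principal)  # validates the principal's shape
    matches = [dn for dn, attrs in entries.items()
               if "kerberosSecurityObject" in attrs.get("objectClass", [])
               and principal in attrs.get("krbName", [])]  # exact, case-sensitive
    if len(matches) != 1:
        raise LookupError("%d entries match %r" % (len(matches), principal))
    return matches[0]

# Constructed sample directory.
DIRECTORY = {
    "cn=Luke,o=Example": {"objectClass": ["person", "kerberosSecurityObject"],
                          "krbName": ["luke@EXAMPLE.COM"]},
    "cn=Dup1,o=Example": {"objectClass": ["kerberosSecurityObject"],
                          "krbName": ["shared@EXAMPLE.COM"]},
    "cn=Dup2,o=Example": {"objectClass": ["kerberosSecurityObject"],
                          "krbName": ["shared@EXAMPLE.COM"]},
    "cn=NoClass,o=Example": {"objectClass": ["person"],
                             "krbName": ["ghost@EXAMPLE.COM"]},
}

if __name__ == "__main__":
    print(gss_service_name("ds.example.com"))
    print(principal_filter("luke@EXAMPLE.COM"))
    print(map_principal(DIRECTORY, "luke@EXAMPLE.COM"))
```

Refusing the bind when more than one entry carries the same principal keeps an ambiguous mapping from silently picking an identity.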