[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to specify a different keytab file?

To: Andreas Hasenack <andreas@conectiva.com.br>
Subject: Re: how to specify a different keytab file?
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Fri, 5 Apr 2002 08:51:23 -0500 (EST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20020404184432.GM20928@conectiva.com.br>

On Apr 4 at 3:44pm, Andreas Hasenack wrote:

> With openldap-2.0.22, how can I specify a different keytab file
> for the slapd daemon, instead of the /etc/krb5.keytab one?

On RedHat Linux, add the following line to /etc/sysconfig/ldap

export KRB5_KTNAME="FILE:_path_to_your_file"

And make sure the file is owned by the user you are going to run slapd
as...

On my own system, that file is /etc/openldap/ldap.keytab and is mode 600
owned by user ldap, group ldap (slapd runs as user ldap).  Therefore,
the line in my /etc/sysconfig/ldap file is:

export KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"

If you are not running RedHat Linux, in what-ever script you have set up
to start slapd, just make sure the KRB5_KTNAME environment variable is
set with the appropriate value and exported prior to slapd being
started.

HTH,
-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===

Follow-Ups:
- Re: how to specify a different keytab file?
  - From: Andreas Hasenack <andreas@conectiva.com.br>

References:
- how to specify a different keytab file?
  - From: Andreas Hasenack <andreas@conectiva.com.br>

Prev by Date: RE: Antwort: LDAP message layout values
Next by Date: Exception
Index(es):
- Chronological
- Thread