[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: only Kerberos authentication

To: openldap-software@OpenLDAP.org
Subject: Re: only Kerberos authentication
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Wed, 28 Jul 2004 13:22:20 +0200
In-reply-to: <200407281023.1d5d@th00.idoo.com> (tandersson@nostalgie.fr's message of "Wed, 28 Jul 2004 10:23:29 GMT")
References: <200407281023.1d5d@th00.idoo.com>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

<tandersson@nostalgie.fr> writes:

> Hi everybody,
>
> Ijust installed an Openldap directory and configured
> it to authenticate against Kerberos 5.
>
> Everythings are working fine - except that actually,
> users can both authenticate with Kerberos or LDAP -
> but I just want kerberos authentication.(so I don't
> have to maintain 2 passwords database)
>
> I think that I've forgot something in my slapd.conf
> to allow only gssapi binds to the directory.
>
> I have seen with a graphical tool that i can choose a
> password method for my users like clear crypt
> sha...but not sasl.
>
> How can I set only gssapi authentication for Openldap

Don't allow any userPassword attribute and set appropriate security
strength factor (ssf) rules, see man slapd.access(5).  GSSAPI by the way has
a sasl ssf 56.

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de

Follow-Ups:
- Re: only Kerberos authentication
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- only Kerberos authentication
  - From: <tandersson@nostalgie.fr>

Prev by Date: only Kerberos authentication
Next by Date: (pas de sujet)
Index(es):
- Chronological
- Thread