[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using Kerberos to authenticate as manager

To: DavidSmith@byu.net
Subject: Re: Using Kerberos to authenticate as manager
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Mon, 5 Aug 2002 12:16:45 -0400 (EDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.44.0208050850470.16788-100000@strychnine.cs.byu.edu>

Today at 8:59am, Dave Smith wrote:

> I know that OpenLDAP can be used in conjunction with kerberos to
> authenticate users, but I would like to know if (like Postgres and
> others), I can use a kerberos ticket to authenticate to the directory
> as manager.

WARNING: I have not done this....  So, I may be completely wrong...

If you are using 2.1.x (I am not), you should be able to associate via
GSSAPI a specific kerberos identity with the manager if you put an entry
in the database for the manager.

In 2.0.x, you would need to put the special syntax into your ACL's
giving the SASL id (I forget the exact syntax, but Turbo spelled it out
in http://www.bayour.com/LDAPv3-HOWTO.html) full authority to do
create/delete all entries.

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===

References:
- Using Kerberos to authenticate as manager
  - From: Dave Smith <djsmith@cs.byu.edu>

Prev by Date: libldap: ldap.h: LDAP_VERSION3 and LDAP_VERSION
Next by Date: Continued instability on Solaris 7
Index(es):
- Chronological
- Thread