[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Mapping userPassword to Kerberos 5



Quoting Stephen Frost <sfrost@snowman.net>:

> > This is to enable simple binds (ie '-x -D .. -W') and is not necessary
> > for GSSAPI binds. To get this part working, I think one have to compile
> > with '--enable-kpasswd'...
> 
> It might be enough to compile with --enable-spasswd (SASL) and to then
> use {SASL} in the userPassword.  I'd like to know if this actually works
> or not...

Any idea how to use it? Is this to 'map' users to the /etc/sasldb file?

I don't use that, so I can't test it, but I'd also be interested to know...

> > > I'm using Debian 3 sid with OpenLDAP 2.1.22, Kerberos 5, libsas2-gssapi
> > > package 2.1.12, SASL 2.1.15.
> > 
> > I've just started with OpenLDAP 2.1.22, Cyrus SASL 2.1.12, so I'm not 100%
> > certain how to get it working properly.
> 
> Try using {SASL} instead since we no longer compile the Debian packages
> with --enable-kpasswd...  If it doesn't work I'd like to know.

If I'm not mistaken, it only 'hurts' KTH Heimdal... But on the other hand,
you're not compiling the MIT Kerberos package any more either...

It would be nice if someone could dig up the rumored patch to Cyrus SASL that
fixes the problem for MIT Kerberos (some mutex thingie) and have that included
in the Debian GNU/Linux package(s).