Re: Mapping userPassword to Kerberos 5

* Lewis Thompson (purple@lewiz.info) wrote:
> ldapsearch -D "uid=lewiz,ou=People,dc=lewiz,dc=org" -W
> fails with error 49 (auth error) when userPassword is set to
> {SASL}lewiz@LEWIZ.ORG.  Is that what you meant?
>   I then switched userPassword to ``abc123'' and it worked perfectly.
>   I had trouble compiling OpenLDAP21 with --enable-kpasswd because of
> some odd FreeBSD-specific crypt issues (that I still haven't resolved).
> However, I /think/ that answers your question?  If not, maybe I use the
> userPassword field in a different way in order to use SASL?

That does help answer my question, as does the information provided by
Howard.  It sounds like it *could* be done by setting up slapd to use
saslauthd and configuring that to use GSSAPI.  It seems rather involved
though and we may go back to compiling with --enable-kpasswd, though I
recall we may have disabled it because of problems compiling it too (and
lack of expected use..).



