Re: LDAP and authentication

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Sunday, February 08, 2004 11:54 PM +0100 Dieter Kluenter 
<dieter@dkluenter.de> wrote:
> No, Mathijs is trying a simple bind, that is, sasl is not
> involved. Either uid=ldapadm has no entry and no userpasswd attribute,
> or the value of userpasswd is wrong, but ldapadm is a principal thus
> gssapi works fine.

Yes, that is what he is doing, but he doesn't want to have to do that -- He 
wants to do it via GSSAPI.  If you read his email fully, you will see that 
doing a simple bind *works* for him when he enters a password, but what he 
*wants* is to not have to enter a password, and have his K5 ticket do the 
authentication for him.  Thus, he needs to set up his sasl-regexp.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

----------------------------------------------------------------------------
OPINIONS EXPRESSED BY ME ARE NOT NECESSARILY SHARED BY MY EMPLOYER
----------------------------------------------------------------------------
"Why of course the people don't want war. . . . That is understood. But,
after all, it is the leaders of the country who determine the policy and it
is always a simple matter to drag the people along, whether it is a
democracy, or a fascist dictatorship, or a parliament, or a communist
dictatorship. Voice or no voice, the people can always be brought to the
bidding of the leaders. That is easy. All you have to do is tell them they
are being attacked, and denounce the peacemakers for lack of patriotism and
exposing the country to danger. It works the same in any country."
--Hermann Goering, Nazi officer, during his Nuremberg war crimes trial