[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and authentication

--On Sunday, February 08, 2004 11:54 PM +0100 Dieter Kluenter <dieter@dkluenter.de> wrote:
No, Mathijs is trying a simple bind, that is, sasl is not
involved. Either uid=ldapadm has no entry and no userpasswd attribute,
or the value of userpasswd is wrong, but ldapadm is a principal thus
gssapi works fine.

Yes, that is what he is doing, but he doesn't want to have to do that -- He wants to do it via GSSAPI. If you read his email fully, you will see that doing a simple bind *works* for him when he enters a password, but what he *wants* is to not have to enter a password, and have his K5 ticket do the authentication for him. Thus, he needs to set up his sasl-regexp.


-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"Why of course the people don't want war. . . . That is understood. But,
after all, it is the leaders of the country who determine the policy and it
is always a simple matter to drag the people along, whether it is a
democracy, or a fascist dictatorship, or a parliament, or a communist
dictatorship. Voice or no voice, the people can always be brought to the
bidding of the leaders. That is easy. All you have to do is tell them they
are being attacked, and denounce the peacemakers for lack of patriotism and
exposing the country to danger. It works the same in any country."
--Hermann Goering, Nazi officer, during his Nuremberg war crimes trial