[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI

To: openldap-software@OpenLDAP.org, openldap@gnosys.biz
Subject: Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Sat, 06 Mar 2004 10:36:59 -0800
Content-disposition: inline
In-reply-to: <m3ishiniuo.fsf@marin.l4b.de>
References: <200403060702.04867.openldap@gnosys.biz> <m3ishiniuo.fsf@marin.l4b.de>

--On Saturday, March 06, 2004 3:35 PM +0100 Dieter Kluenter <dieter@dkluenter.de> wrote:

Kevin <openldap@gnosys.biz> writes:

Hi All-

I'm trying to integrate the subject software and having difficulty
with the part that seems most mysterious to me:
getting slapd to say, "Oh, a user is trying to do initial kerberos
authentication through me...

[...]

For any of you that might already be doing this, how do you establish
the connection between LDAP and the authentication server?


Kevin,

I'll also note that on the server side of things, you'll either have to find patches against MIT Krb5 to make it thread safe (someone on this list has them), or compile slapd against Heimdal 0.6 Krb5 (which is what I do). Otherwise your server will be subject to lockups & other issues. It is fine to use MIT KRB5 in non-threaded clients.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
  - From: Kevin <openldap@gnosys.biz>

References:
- Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
  - From: Kevin <openldap@gnosys.biz>
- Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
Next by Date: Re: saslAuthz failing to *compare*
Index(es):
- Chronological
- Thread