[Date Prev][Date Next]
Re: only Kerberos authentication
> Hi everybody,
> Ijust installed an Openldap directory and configured
> it to authenticate against Kerberos 5.
> Everythings are working fine - except that actually,
> users can both authenticate with Kerberos or LDAP -
> but I just want kerberos authentication.(so I don't
> have to maintain 2 passwords database)
> I think that I've forgot something in my slapd.conf
> to allow only gssapi binds to the directory.
> I have seen with a graphical tool that i can choose a
> password method for my users like clear crypt
> sha...but not sasl.
> How can I set only gssapi authentication for Openldap
Don't allow any userPassword attribute and set appropriate security
strength factor (ssf) rules, see man slapd.access(5). GSSAPI by the way has
a sasl ssf 56.
Dieter Klünter | Systemberatung
Fax : +49.40.64891521