[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl + GSSAPI


  I have searched the archives and Google with little luck, although
maybe I just haven't used the right keywords yet.  I am looking to
perform replication via syncrepl, using GSSAPI for authentication.  I
have GSSAPI working for user authentication already.
  With syncrepl, how do I get my consumer to obtain a ticket, using it's
keytab (default /etc/krb5.keytab for now, although I'd like to move
that), so that it can attach to my provider?

  I am considering a cron job on the consumer that issues a "kinit
--keytab=..." every so often, but that seems inelegant.

  Is there a way to get the syncrepl process to obtain it's own ticket
using the keytab?  I see a credentials=<password> option in the syncrepl
config -- is there a similar (undocumented?)  keytab=<keytabfile>

  Any help is appreciated!
-Matt Smith
Matthew J. Smith <matt.smith@uconn.edu>
University of Connecticut ITS

Attachment: signature.asc
Description: This is a digitally signed message part