[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl + GSSAPI

To: matt.smith@uconn.edu
Subject: Re: syncrepl + GSSAPI
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Thu, 05 Aug 2004 10:37:08 -0700
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <1091726010.16728.16.camel@d80h243>
References: <1091720074.16728.9.camel@d80h243> <2C5C7200BB0A23FE44C3AE90@cadabra-dsl.stanford.edu> <1091726010.16728.16.camel@d80h243>

--On Thursday, August 05, 2004 1:13 PM -0400 "Matthew J. Smith" <matt.smith@uconn.edu> wrote:

Thank you for the response.  Google did bring me across k5start, and I
am contemplating it's use.  I was hoping that slapd could do this
without needing any extra utilities, simply obtaining and refreshing the
ticket as part of the syncrepl process.  I may use k5start (or even just
a cron'd kinit).  But first, can anyone definitively tell me whether
slapd does or will ever directly support this functionality?

It doesn't currently, I'm not sure that it ever would, but a developer would have to answer that. I don't suggest using cron, because I've seen that not work well (we used to do that). k5start with svcscan has worked very well for us.

Part of the problem with slapd getting and maintaining its own ticket is that it would have to know a variety of different things about your Kerberos setup, as well as having to refresh the ticket periodically.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- syncrepl + GSSAPI
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>
- Re: syncrepl + GSSAPI
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: syncrepl + GSSAPI
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>

Prev by Date: Re: syncrepl + GSSAPI
Next by Date: Re: Usernames vs. OU's
Index(es):
- Chronological
- Thread