[Date Prev][Date Next] [Chronological] [Thread] [Top]

Kerberos for auth through (not to) slapd

I'd like to store passwords in kerberos and all the rest in LDAP.
Some applications I need (notably qmail-ldap) only authenticate users
to LDAP through simple binds, so I'd like slapd to transparently query
kerberos to decide if a bind is allowed or not.  In other words,
qmail-ldap asks slapd if a user/pw authenticates, slapd asks kerberos
in turn, slapd tells qmail-ldap.

I managed to do this with sasldb2 using a `{sasl}username' value for
the userPassword attribute: other than slapd querying /etc/sasldb2,
everything works as planned.  What incantation is needed in place of
{sasl} to have slapd query kerberos instead?

(Stock .debs for Cyrus SASL 2.1.18, OpenLDAP 2.1.30, MIT Kerberos V