Re: Kerberos for auth through (not to) slapd

I guess you must be using saslauthd. You just have to run saslauthd -a kerberos5 instead of what you're using right now (auxprop?)... anyway this is a sasl question, not an LDAP one... if you have further problems, you may want to post in cyrus-sasl@lists.andrew.cmu.edu instead of here.

   Best regards

Massimiliano Mirra wrote:

I'd like to store passwords in kerberos and all the rest in LDAP.
Some applications I need (notably qmail-ldap) only authenticate users
to LDAP through simple binds, so I'd like slapd to transparently query
kerberos to decide if a bind is allowed or not.  In other words,
qmail-ldap asks slapd if a user/pw authenticates, slapd asks kerberos
in turn, slapd tells qmail-ldap.

I managed to do this with sasldb2 using a `{sasl}username' value for
the userPassword attribute: other than slapd querying /etc/sasldb2,
everything works as planned.  What incantation is needed in place of
{sasl} to have slapd query kerberos instead?

(Stock .debs for Cyrus SASL 2.1.18, OpenLDAP 2.1.30, MIT Kerberos V
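
Added example, not part of the original thread: a small audit over an LDIF export that checks the goal stated above (passwords in Kerberos, everything else in LDAP) by confirming each userPassword value is a `{sasl}username` pointer rather than a verifier stored in the directory. The function names and every sample entry, realm and value are constructed for illustration.

```python
import base64
import re

def parse_ldif(text):
    """Yield (dn, attrs) per entry; unfolds lines and decodes 'attr:: base64'."""
    text = re.sub(r"\n ", "", text)  # LDIF continuation lines start with a space
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # base64 form, as ldapsearch prints userPassword
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def classify(value):
    """Return (kind, detail) for one userPassword value."""
    m = re.match(r"\{([^}]+)\}(.*)", value, re.S)
    if not m:
        return ("cleartext", None)
    scheme = m.group(1).upper()  # the thread's {sasl} and {SASL} are treated alike
    if scheme == "SASL":
        return ("pass-through", m.group(2))  # identity handed to SASL for checking
    return ("local-hash", scheme)  # a password verifier still stored in the directory

def audit(text):
    return {dn: [classify(v) for v in attrs.get("userpassword", [])]
            for dn, attrs in parse_ldif(text)}

# Constructed sample export; every name and value below is made up.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(b"{SASL}alice@EXAMPLE.ORG").decode(),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=org",
    "userPassword: {sasl}bob",
    "",
    "dn: uid=carol,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode(),
])

if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        print(dn, findings)
```

Entries reported as `local-hash` or `cleartext` still authenticate against the directory itself, so they are the ones to convert before relying on Kerberos as the only password store.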