[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI, multiple aliases

Matthew J. Smith wrote:

To follow up on my earlier email, (and simplify my question), could
someone tell me how OpenLDAP decides which princ to read from the keytab
file, supplied via the KRB5_KTNAME variable? Does it look for:

*ldap/<HOSTNAME as defined in /etc/hostname> or,
*ldap/<HOSTNAME being accessed by client>

OpenLDAP doesn't make any decision at all. By its nature, the internal workings of Kerberos are completely hidden behind the GSSAPI layer and OpenLDAP knows nothing about it. You should ask on a mailing list for your Kerberos implementation how a Kerberized server works; they all work the same (otherwise there would be no interoperability, would there...).

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support