[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Use GSSAPI Mechanism to authenticate against openldap server

--On Tuesday, November 23, 2004 11:21 PM +0100 "S.B." <Seb.ADIO@gmx.de> wrote:

this is right pam_krb5 is the right for authentication. We actually use this for authorisatzion. But the client should get its account data (e.g. uid, home directory) from Openldap, but actually the Client makes an anonymous bind and he should make an GSSAPI bind with the Kerberos-Data because we have now found a solution to allow only GSSAPI requests. In /etc/ldap.conf we can give him a bind-dn, but the client should authenticate with the Kerberos-Ticket of the users.

That is because nss_ldap has no idea how to use the users credentials to bind. So it won't work without some development, etc. Anyhow, this is off topic for this list at this point.


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html