Re: Use GSSAPI Mechanism to authenticate against openldap server
--On Tuesday, November 23, 2004 11:21 PM +0100 "S.B." <Seb.ADIO@gmx.de>
This is right, pam_krb5 is the right one for authentication. We actually use
this for authorisation. But the client should get its account data
(e.g. uid, home directory) from OpenLDAP, but actually the client makes
an anonymous bind and he should make a GSSAPI bind with the
Kerberos data, because we have now found a solution to allow only GSSAPI
requests. In /etc/ldap.conf we can give him a bind-dn, but the client
should authenticate with the Kerberos ticket of the users.
That is because nss_ldap has no idea how to use the user's credentials to
bind. So it won't work without some development, etc. Anyhow, this is off
topic for this list at this point.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html