[Date Prev][Date Next]
Re: Kerberos + SASL question
Thank you for your response. I have been searching and I can always use the
binddn option in /etc/ldap.conf. However, the fact that I need to put the
binddn password in the file does not make me very confident.
How do you restrict the anonymous bind to get the passwd info?
Thnak you & regards,
From: Quanah Gibson-Mount <email@example.com>
Subject: Re: Kerberos + SASL question
Date: Tue, 22 Mar 2005 09:46:50 -0800
--On Tuesday, March 22, 2005 5:19 PM +0000 Manel Euro <firstname.lastname@example.org>
I am having problems understanding kerberos, LDAP and Cyrus SASL
I am using LDAP to store the users information like uid, home directory,
grouid, geco (passwd without the password field).
I have kerberos configured and working.
I understand that SASL is a layer that provides authentication mechanims
to protocols like LDAP. By using GSSAPI, as soon as I get a Kerberos TGT
I will be allowed to get a TGS for LDAP. However, if the LDAP directory
holds my userid and groupid, necessary to pam_krb5, and if I need a TGT
to access a TGS for ldap how will I be able to login.
If I have the concepts wrong please let me know.
I use a site restricted anonymous bind for getting information out of the
directory related to passwd file information.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
Express yourself instantly with MSN Messenger! Download today - it's FREE!