
Re: separate keytab files



OpenLDAP Software, itself, knows nothing of Kerberos or even
gssapi.  This is all handled at lower levels, namely in Cyrus
SASL's GSSAPI implementation and the underlying gssapi and
Kerberos implementations.

Kurt


At 09:02 AM 4/4/2005, Gaurav Sharma wrote:
>Is there a way to run MIT kerberos v5 1.3.x and openldap 2.2.x using
>cyrus-sasl without setting KRB5_KTNAME environment variable?
>
>The reason I want to do this is because I have other kerberized
>applications running whose authentication fails if I set
>KRB5_KTNAME=/xxx/ldap.keytab (which contains the LDAP service
>principal), for GSSAPI auth. I don't want ldap to have access to the
>/etc/krb5.keytab file.
>
>I have tried setting default_keytab-name=/etc/krb5.keytab in the
>[libdefaults] section of my krb5.conf file and then setting
>KRB5_KTNAME=/xxx/ldap.keytab without any success.
>
>Please help.
>
>Thanks.
>GS