re: separate keytab files

As Kurt pointed out, this issue concerns the SASL library - not OpenLDAP itself -

However, according to Options for Cyrus SASL - http://asg.web.cmu.edu/cyrus/download/sasl/options.html - one should be able to specify the keytab's location using the SASL "keytab:" option.

Unfortunately, it's been my experience that the "keytab:" option is as yet unimplemented : (

This from the SASL 2.1.19 doc/TODO -

[...]
GSSAPI
~~~~~~
) Allow specification of alternate keytab file
[...]

Apparently a couple folks have recently resumed work on this option - http://thread.gmane.org/gmane.comp.security.cyrus.sasl/4003

Meanwhile, as Donn suggests, I add -

export KRB5_KTNAME=/etc/ldap/krb5.keytab

- to my Debian /etc/default/slapd init configuration file.

PS - watch out for apps which don't import all environment variables (e.g. Postfix)
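
A way to check the caveat in the PS, added here as an example and not part of the original post: the script reads a process environment in the Linux /proc/<pid>/environ format and reports whether KRB5_KTNAME reached it. The function names and the script name check-ktname.sh are made up for this example.

```shell
#!/bin/sh
# Added example: confirm a daemon actually inherited KRB5_KTNAME.

# Print the KRB5_KTNAME value from a NUL-separated environment dump
# (the /proc/<pid>/environ format). Exit status 1 if unset or empty.
ktname_from_environ() {
    tr '\0' '\n' < "$1" | sed -n 's/^KRB5_KTNAME=//p' | head -n 1 | grep .
}

# Compare the keytab a process will use against the one intended.
# $1 = environ dump, $2 = expected keytab path. Prints a verdict;
# returns 0 only when the variable is present and names $2.
check_keytab_env() {
    actual=$(ktname_from_environ "$1") || {
        echo "MISSING: KRB5_KTNAME not set, library default keytab applies"
        return 1
    }
    # MIT Kerberos also accepts the typed form FILE:/path
    path=${actual#FILE:}
    if [ "$path" = "$2" ]; then
        echo "OK: $actual"
    else
        echo "MISMATCH: process has $actual, expected $2"
        return 2
    fi
}

# Usage: sh check-ktname.sh <pid> <keytab>   (run as root to read environ)
if [ "$#" -eq 2 ]; then
    check_keytab_env "/proc/$1/environ" "$2"
else
    # Constructed sample: an environment where the variable was dropped
    sample=$(mktemp)
    printf 'PATH=/usr/bin\0LANG=C\0' > "$sample"
    check_keytab_env "$sample" /etc/ldap/krb5.keytab || true
    rm -f "$sample"
fi
```

/proc/<pid>/environ shows the environment the process was started with, so point the check at the daemon's own pid rather than at the shell or init script that launched it.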