Re: OpenLDAP as kerberos client?
Alexander Tamm <firstname.lastname@example.org> writes:
> I'm struggling with the documentation for OpenLDAP, SASL, kerberos and
> whatnot. Basically, I'm trying to create a directory which authenticates
> on an AD-service using kerberos. I have a working kerberos solution for
> dovecot IMAP, which authenticates from an AD KDC. I guess what I'm asking
> is this: is it actually possible for OpenLDAP to function as a kerberos
> client? I haven't really found any information which would explicitly
> confirm this. The documentation I find mostly seems to indicate that I
> need to set up a new KDC.
You may use the SASL GSSAPI mechanism, but you have to tweak AD to create
service and host principals and tickets. I have done it, so it is
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6