[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncreply & sasl (gssapi)

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: syncreply & sasl (gssapi)
From: Andreas Hasenack <ahasenack@terra.com.br>
Date: Tue, 30 May 2006 13:49:46 -0300
Content-disposition: inline
In-reply-to: <200605301631.37753.bernd.schubert@pci.uni-heidelberg.de>
References: <200605301631.37753.bernd.schubert@pci.uni-heidelberg.de>
User-agent: Mutt/1.5.11

On Tue, May 30, 2006 at 04:31:37PM +0200, Bernd Schubert wrote:
> Hi,
> 
> if I run on the failover system 'kinit ldapadmin-h2' syncreply works - until 
> the ticket experies. After the ticket is expired or if I didn't get a ticket 
> via kinit, syncreply fails.
> How can I make slapd to get a ticket itself?

It won't. You need to arrange some cron job to do this for the ldap user. You
will need also to extract the principal's key into a keytab and use it as an
argument to kinit in that cronjob, something like "kinit -k -t
/foo/bar/ldap.keytab" (for MIT's kinit, Heimdal's syntax may be different).

References:
- syncreply & sasl (gssapi)
  - From: Bernd Schubert <bernd.schubert@pci.uni-heidelberg.de>

Prev by Date: Re: Brief syncrepl question
Next by Date: Re: Brief syncrepl question
Index(es):
- Chronological
- Thread