[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd with Kerberos and multihomed host


is there a possibility to configure slapd on a multihomed host to authenticate on the different interfaces with different Kerberos principals?

	one host running linux with two NICs (eth0, eth1) and slapd
	eth0: IP, hostname ldap.sn-1.example.com
	eth1: IP, hostname ldap.sn-2.example.com

A client which connects via hostname ldap.sn-1.example.com would request a ticket for the principal ldap/ldap.sn-1.example.com@EXAMPLE.COM and one connecting via ldap.sn-2.example.com would request a ticket for ldap/ldap.sn-2.example.com@EXAMPLE.COM. 

Does it suffice to store both keys in the keytab to enable slapd to authenticate for both principals, i.e. does it picks the right key?

Which hostname should I define as sasl-host when using SASL to enable plain-text authentication over a SSL-secured connection or is it possible to set multiple sasl-hosts?


phone: +49 6898/10-4987
web  : www.saarstahl.de
mail : Hofstattstraße 106a
       D 66333 Voelklingen