[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How does Openldap work with Cyrus SASL and MIT Kerberos V

On Mon, 2008-06-30 at 09:48 +0700, Le Trung Kien wrote:
> Hi everyone,
> I have built up one server with Openldap, Cyrus SASL, MIT Kerberos V.
> Now, my server can authenticate users.
> In "Authentication Configuration", I set option information for LDAP
> server
> and Kerberos server. And I could login with accounts (Kerberos
> principals)
> which are created through Kerberos. And user information can be
> obtained
> from LDAP server.
> But it's seem to be only Openldap and Kerberos work with together.
> I can't figure out what the SASL role is in this strategy. And how it
> effects
> on my system.
> When I attempt setup phpldapadmin, I must configure SASL option, but I
> don't know how SASL works with LDAP in this strategy ?
> -- 
> Le Trung Kien.


regarding your setup the SASL can be usefull to let your users
authenticate to LDAP whith their kerberos password.
the SASL actually glues the authentication (Kerberos) whith the
authorization (LDAP). 

how do your users authenticate to LDAP? do you have different passwords
on LDAP accounts and on Kerberos principals? in you do, then your SASL
glue (pass through authentication) is not set up properly.