[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How does Openldap work with Cyrus SASL and MIT Kerberos V

Le Trung Kien wrote:
If you have configure phpldapadmin with option
SASL chosen, then lucky me.

SASL bind can be conducted with many different mechanisms. For Kerberos V you have to configure SASL with mech GSSAPI. For this to fully work as expected the entity binding to the LDAP server has to have obtained a ticket granting ticket (TGT) before binding to the LDAP server.

If you invoked command-line tool kinit on your box then the TGT is stored in a ticket cache tied to the system user who started kinit => this is likely not of much use in a centrally installed web gateway. My web2ldap supports SASL/GSSAPI but using the end-user TGT requires web2ldap to be started by this particular end-user.

Ciao, Michael.