[Date Prev][Date Next]
Re: How does Openldap work with Cyrus SASL and MIT Kerberos V
Le Trung Kien wrote:
If you have configure phpldapadmin with option
SASL chosen, then lucky me.
SASL bind can be conducted with many different mechanisms. For Kerberos
V you have to configure SASL with mech GSSAPI. For this to fully work as
expected the entity binding to the LDAP server has to have obtained a
ticket granting ticket (TGT) before binding to the LDAP server.
If you invoked command-line tool kinit on your box then the TGT is
stored in a ticket cache tied to the system user who started kinit =>
this is likely not of much use in a centrally installed web gateway. My
web2ldap supports SASL/GSSAPI but using the end-user TGT requires
web2ldap to be started by this particular end-user.