[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap, kerberos backend, and SASL

We are starting to work towards implimenting this very solution. Is there any documentation you have found to be particularly helpful?


On Mar 4, 2009, at 2:30 AM, Da Rock wrote:

Sorry to barge in straight away with a question like this, but my time
is running out and I have not been able to get a straight answer out of

I'm going through the hypotheticals for using ldap as the backend for
kerberos, and I've hit a chicken and egg problem with SASL- can someone
untangle my mind?

IF kerberos is using ldap as a backend store for keys, users, etc, and
one can set the rootdn and leave the rootpw for later entry in the
database itself, and the password can use SASL auth- what happens if you
use kerberos as the auth mechanism?

According to the book, slapd needs to set up the access to the key from
startup, and kerberos in this scenario will need ldap up to provide the
key. Is ldap up enough that kerberos can provide this? Or does ldap
retry or something so that this problem is overcome?