On Thu, 2009-03-05 at 02:43 +0100, Michael Ströder wrote:
Da Rock wrote:
I'm not sure you quite understand what I mean here-
I think I do. ;-)
There's no reason why you shouldn't be able to do the following:
LDAP Client
--ldap:// with SASL/GSSAPI--> slapd
--KRB5--> heimdal KDC
--ldapi:// with SASL/EXTERNAL--> slapd
In fact the picture is a bit more complicated but I'm too tired to draw
the real one. Hope you get the idea.
Actually thats very well presented- at least I get what your saying.
A hiccup here is that I mean that there is no ldap client- yet. I'm
talking about at startup, slapd looks to authenticate with kerberos as a
service