[Date Prev][Date Next]
Re: Authenticate to ldap using Kerberos
On 09/09/10 10:21 +0800, Wouter van Marle wrote:
That requires pass-through authentication.
Well with the above instructions nothing seems to have changed.
I have restarted saslauthd and slapd after making the changes, and when
now accessing the ldap addressbook using Evolution, I still have to use
the ldap stored password, not the krb password.
To be a little more explicit, to enable pass-through authentication, you
will need to replace the password (userPassword attribute) with:
In this case, the user will have no valid password defined in LDAP (or at
least not in the userPassword attribute).
When attempting to perform a non-sasl bind, slapd will use saslauthd to
authenticate, by taking the username (from the userPassword field), and the
password that was submitted.