[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos for auth through (not to) slapd

To: Massimiliano Mirra <mmirra@cgspace.it>
Subject: Re: Kerberos for auth through (not to) slapd
From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>
Date: Wed, 01 Sep 2004 16:33:13 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <878ybuie56.fsf@prism.localnet>
References: <878ybuie56.fsf@prism.localnet>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040826

I guess you must be using saslauthd. You just have to run saslauthd -a kerberos5 instead of what you're using right now (auxprop?)... anyway this is a sasl question, not an LDAP one... if you have further problems, you may want to post in cyrus-sasl@lists.andrew.cmu.edu instead of here.

   Best regards
   Jose

Massimiliano Mirra wrote:

I'd like to store passwords in kerberos and all the rest in LDAP.
Some applications I need (notably qmail-ldap) only authenticate users
to LDAP through simple binds, so I'd like slapd to transparently query
kerberos to decide if a bind is allowed or not.  In other words,
qmail-ldap asks slapd if a user/pw authenticates, slapd asks kerberos
in turn, slapd tells qmail-ldap.

I managed to do this with sasldb2 using a `{sasl}username' value for
the userPassword attribute: other than slapd querying /etc/sasldb2,
everything works as planned.  What incantation is needed in place of
{sasl} to have slapd query kerberos instead?

(Stock .debs for Cyrus SASL 2.1.18, OpenLDAP 2.1.30, MIT Kerberos V
1.3.4)

Massimiliano

References:
- Kerberos for auth through (not to) slapd
  - From: Massimiliano Mirra <mmirra@cgspace.it>

Prev by Date: Re: [ERROR 80] Unknown error with multiple databases
Next by Date: Re: adding jpegphoto in a OpenLDAP server with PHP
Index(es):
- Chronological
- Thread