
Kerberos userpassword storage




Hi,

I'm attempting to use Kerberos as a password storage backend in my LDAP server.

I have the server set up with its own principal of the form ldap/domainname@REALM, and this keytab is in the KRB5_KTNAME environment variable as slapd starts.

I have put olcSaslRealm=REALM and olcSaslHost=kdc.domain into my cn=config.

Then, I have uid=user, where the userPassword attribute is {KERBEROS}user@REALM

When attempting to bind to this user, it seems to fail. When I reset the password to a standard SSHA hash, it authenticates correctly. I can authenticate with Kerberos to the host that the LDAP enabled client, but I just cannot use LDAP with the Kerberos password backend.

Any help in solving what else I need to do in this would be greatly appreciated.

William Brown

pgp.mit.edu


