[Date Prev][Date Next] [Chronological] [Thread] [Top]

Introducing the slapd kinit module

To: openldap-technical@openldap.org
Subject: Introducing the slapd kinit module
From: Ralf Haferkamp <rhafer@suse.de>
Date: Tue, 26 Oct 2010 16:24:03 +0200
User-agent: KMail/1.13.5 (Linux/2.6.34.7-0.4-desktop; KDE/4.5.2; x86_64; ; )

Hi,

a few days ago I committed the new kinit plugin to the CVS tree. It's 
sole purpose is to have slapd request a Kerberos TGT and keep it renewed 
as long as slapd is running. Especially useful e.g. if your syncrepl 
consumer uses SASL/GSSAPI for authentication (basically all setups where 
slapd also acts as an LDAP client can benefit from it). So there is no 
need any longer to use any external tools (cron jobs, whatever) to keep 
the TGT refreshed.

You can find the code in current CVS HEAD inside the
contrib/slapd-modules/kinit directory. For details on building the plugin 
see the README file in the same directory. It should be possible to build 
the plugin against recent OpenLDAP releases. Currently it only works with 
the MIT variant of libkrb5, it shouldn't be too hard to add Heimdal 
support though. I just didn't find time yet to look into that.

Feedback is appreciated. For bug reports please use the ITS.

-- 
regards,
	Ralf

SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Prev by Date: ldapsearch performance degradation
Next by Date: Re: LDAP Schema Changes During Replication
Index(es):
- Chronological
- Thread