OpenLDAP -> GSSAPI (SASL) -> KERBEROS V Questions

Matt Joyce syslists at vtsystems.com
Mon Oct 18 17:17:29 EDT 2004


Hi,

     Setting up two ldap servers with kerberos backends.  I have some 
questions about the linking of ldap to kerberos...  I figured at least a 
few of you folks have probably tried this is the past.  And before you 
refer me to the ldap mailing list lets just say very helpful people on 
there tend to respond en masse with very useless suggestions and lots of 
"I've never tried this before but..." advice.  Which, as chance may have 
it has never helped me in the past.

     So the questions are....

     What does a principal look like for ldap?
                     assuming my realm is WHATEVER.COM
     
      How can I get more verbose error logs without recompiling?

       Anyone know a good url with tips / pointers / whathave you... I 
have found the SUSE docs to be pretty helpful.

      
       And, once i've generated my ldap principal, and his key... can I 
copy the key out of the keytab and chown/chmod it for ldap in another 
directory and expect it to work? 

       

And off topic.... 

    Has anyone ever tried handing out kerberos tickets via dns? 

-Matt Joyce



More information about the Kerberos mailing list