OpenLDAP -> GSSAPI (SASL) -> KERBEROS V Questions

Gerald (Jerry) Carter jerry at samba.org
Tue Oct 19 07:29:15 EDT 2004



Matt Joyce wrote:

| What does a principal look like for ldap?
| assuming my realm is WHATEVER.COM

ldap/`hostname`@WHATEVER.COM

| How can I get more verbose error logs without recompiling?

Verbose error logs for the krb libs or for OpenLDAP?

| And, once I've generated my ldap principal, and his key...
| can I copy the key out of the keytab and chown/chmod it for
| ldap in another directory and expect it to work?

Since (as Sam already said), the service principal
name is ldap/fqdn@REALM, each ldap server will need its
own keytab.  It sounds like you are asking if you can
use the same keytab for multiple OpenLDAP installations.
Sorry if I misunderstood.




cheers, jerry
----------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
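The reply above says the service principal is ldap/fqdn@REALM and that each LDAP server needs its own keytab. The following check is an added example, not part of the original message: it reads a keytab listing in the format printed by MIT `klist -k` and reports whether the `ldap/` entry matches the host it sits on. The function names, the keytab path and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a keytab listing holds ldap/<fqdn>@<REALM> for this
# host, and flag ldap/ entries that belong to some other server.

# check_ldap_keytab FQDN REALM   (reads `klist -k`-style output on stdin)
# Prints one verdict line per ldap/ entry. Returns 0 only when the expected
# principal is present and no ldap/ principal for another host or realm is.
check_ldap_keytab() {
    awk -v want="ldap/$1@$2" '
        # Data rows look like "   3 ldap/host@REALM"; header rows are skipped.
        $1 ~ /^[0-9]+$/ && $2 ~ /^ldap\// {
            if ($2 == want) { ok = 1;      print "OK",      $2 }
            else            { foreign = 1; print "FOREIGN", $2 }
        }
        END {
            if (!ok) print "MISSING", want
            if (ok && !foreign) exit 0
            exit 1
        }
    '
}

# Constructed sample listing (hypothetical path and hosts, not real output).
sample_keytab_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/openldap/ldap.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ldap/ldap1.whatever.com@WHATEVER.COM
   3 host/ldap1.whatever.com@WHATEVER.COM
EOF
}

# Typical use on a server (assumes MIT klist is installed):
#   klist -k /path/to/ldap.keytab | check_ldap_keytab "$(hostname -f)" WHATEVER.COM
```

Run against the sample as `ldap1.whatever.com` the check passes; run as `ldap2.whatever.com` (the keytab copied to a second server) it reports the entry as FOREIGN and the expected principal as MISSING.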