OpenLDAP -> GSSAPI (SASL) -> KERBEROS V Questions
Gerald (Jerry) Carter
jerry at samba.org
Tue Oct 19 07:29:15 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matt Joyce wrote:
| What does a principal look like for ldap?
| assuming my realm is WHATEVER.COM
ldap/`hostname`@WHATEVER.COM
| How can I get more verbose error logs without recompiling?
Verbose error logs for the krb libs or for Openldap ?
| And, once i've generated my ldap principal, and his key...
| can I copy the key out of the keytab and chown/chmod it for
| ldap in another directory and expect it to work?
Since (as Sam already said), the service principal
name is ldap/fqdn at REALM, each ldap server will need its
own keytab. It sounds like you are asking if you can
use the same keytab for multiple OpenLDAP installations.
Sorry if i misunderstood.
cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBdPqLIR7qMdg1EfYRAp03AJ9xVMKQv3VCklPirUJZg6q1LrhknwCeJ1Ni
99JXjBbZIIifIWb8xIbEioU=
=ML+D
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list