Help with SASL/GSSAPI to remote Kerberos server
Sebastian Hanigk
hanigk at in.tum.de
Wed Feb 20 10:49:11 EST 2008
"Douglas E. Engert" <deengert at anl.gov> writes:
> As Jeff pointed out, not with GSSAPI. What you might be looking for
> is slapd code to take a username and password and do in effect a kinit
> and a verify tgt, or have a sasl plugin do it for your. I don't know
> of one.
There is an ugly hack: having a userPassword field with "{SASL}<Kerberos
principal>" in LDAP you can employ saslauthd's Kerberos backend. We use
it as a crutch for a web application which can only authenticate against
an LDAP directory (*cough* Zope *cough*).
Sebastian
More information about the Kerberos
mailing list