Help with SASL/GSSAPI to remote Kerberos server

Sebastian Hanigk hanigk at in.tum.de
Wed Feb 20 10:49:11 EST 2008


"Douglas E. Engert" <deengert at anl.gov> writes:

> As Jeff pointed out, not with GSSAPI. What you might be looking for
> is slapd code to take a username and password and do in effect a kinit
> and a verify tgt, or have a sasl plugin do it for your. I don't know
> of one.

There is an ugly hack: having a userPassword field with "{SASL}<Kerberos
principal>" in LDAP you can employ saslauthd's Kerberos backend. We use
it as a crutch for a web application which can only authenticate against
an LDAP directory (*cough* Zope *cough*).


Sebastian



More information about the Kerberos mailing list