Kerberos syncrepl support for OpenLDAP

Jaap Winius jwinius at umrk.nl
Sun Jan 10 07:58:09 EST 2010


Hi all,

It wasn't all that difficult to add MIT Kerberos V support to an OpenLDAP 
server for client authentication, but using it to encrypt synchronization 
traffic between provider and consumer servers is something else. 

I know how to configure OpenLDAP's syncrepl directive with the "simple" 
bindmethod, using a clear-text password exchange and clear-text database 
replication, but can anyone spare a few hints on how to configure things 
so that syncrepl uses Kerberos  encryption? I know it's possible, using 
stuff like GSSAPI and kinit cron jobs, but it's not well documented.

Thanks,

Jaap



More information about the Kerberos mailing list