Kerberos syncrepl support for OpenLDAP
Russ Allbery
rra at stanford.edu
Tue Jan 12 16:32:35 EST 2010
Jaap Winius <jwinius at umrk.nl> writes:
> Excellent! My new k5start command, which can be executed as root, looks
> like this:
> k5start -U -f /etc/krb5.keytab -b -K 10 -l 24h \
> -k /tmp/krb5cc_105 -o openldap
> I also found out that the name of the credential cache (/tmp) file is
> not arbitrary. In particular, the file name must end with the UID number
> of the user that it's for, in my case the openldap user with UID=105. At
> least, that's the way it works on Debian lenny.
It's arbitrary *if* you set KRB5CCNAME to point to the ticket cache.
Otherwise, yes, you want to make it match the default ticket cache name.
> Incidentally, with kstart 3.15, if the -o flag is used without -k, a
> segfault and a core dump will be the result.
Yeah, will be fixed in 3.16. Sorry about that.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
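
Added example, not part of the original message and not code from kstart: a shell check for the cache that k5start maintains for a service account. It reports whether KRB5CCNAME has to be set for the service and verifies that the cache is a regular file owned by the service UID with no group or other permissions. The helper names ccache_env and ccache_check and the path /var/lib/ldap/krb5cc are constructed for illustration; GNU stat and the default name /tmp/krb5cc_<uid> from the thread are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU stat and the
# default cache name /tmp/krb5cc_<uid> that the thread describes.

# ccache_env UID PATH (hypothetical helper)
# Prints the KRB5CCNAME line the service needs when PATH is not the
# default cache name for UID; prints nothing when the names already match.
ccache_env() {
    uid=$1; cache=$2
    if [ "$cache" != "/tmp/krb5cc_$uid" ]; then
        printf 'KRB5CCNAME=FILE:%s\n' "$cache"
    fi
}

# ccache_check UID PATH (hypothetical helper)
# Prints "ok" and returns 0 when PATH is a regular file (not a symlink),
# owned by UID, with no group/other permission bits. Otherwise prints the
# reason and returns 1.
ccache_check() {
    uid=$1; cache=$2
    if [ -L "$cache" ] || [ ! -f "$cache" ]; then
        echo "not-a-regular-file"; return 1
    fi
    # stat prints "<owner uid> <octal mode>", e.g. "105 600"
    set -- $(stat -c '%u %a' "$cache")
    if [ "$1" != "$uid" ]; then
        echo "wrong-owner:$1"; return 1
    fi
    case $2 in
        0|*00) echo "ok" ;;
        *)     echo "mode-too-open:$2"; return 1 ;;
    esac
}

# Demonstration on a constructed temporary file standing in for a cache.
demo=$(mktemp) && chmod 600 "$demo"
echo "check: $(ccache_check "$(id -u)" "$demo")"
echo "env:   $(ccache_env 105 /var/lib/ldap/krb5cc)"
rm -f "$demo"
```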