SASL/GSSAPI bind in LDAP plugin?
Nicolas Williams
Nicolas.Williams at sun.com
Wed Feb 15 18:54:56 EST 2006
On Wed, Feb 15, 2006 at 06:30:59PM -0500, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
>
> Nicolas> On Wed, Feb 15, 2006 at 12:34:40PM -0500, Sam Hartman
> Nicolas> wrote:
> >> I think that what you want to do is have at least one KDC on a
> >> directory server and use SASL external with a unix domain
> >> socket.
>
> Nicolas> Sigh.
>
> what's wrong with my suggestion?
KDCs relying on KDCs to bootstrap?
IIRC you had wanted to be able to separate the KDCs and the DSs, but
this way you end up with the DSs running KDCs; and while you can
configure packet filters, etc., it'd be easier, if you still wanted
this, to just not have to run KDCs on the DSs.
Nico
--
More information about the krbdev
mailing list