Using X.509 (sasl external) is super easy (once you figure it out, like a lot of this stuff), and is nice because you are not relying on a KDC, and no passwords need displayed in your syncrepl configs.
________________________________ From: brendan kearney <bpk...@gmail.com> Sent: Friday, March 8, 2024 10:09 AM To: Ben Poliakoff <b...@reed.edu> Cc: mbala...@opentext.com <mbala...@opentext.com>; openldap-technical@openldap.org <openldap-technical@openldap.org> Subject: Re: Configure replication without a plaintext password. Ben, I would like to use GSSAPI for my replication. Would you be willing to share how you went about it? Thanks, Brendan