Re: symas openldap-packages and kerberos

[Dieter Klünter]

Am Fri, 17 Dec 2021 16:34:41 +0100
schrieb Stefan Kania :

> Hello to all,
> 
> I'm trying to get GSSAPI authentication running with the
> symas-packages. I generated a ldap.keytab file and it's readable for
> the ldap-user running the slapd. With the Debian-packages I ad:
> -
> export KRB5_KTNAME="/path/to/ldap.keytab"
> -
> 
> I don't want to use the system keytab /etc/krb5.keytab. How do I tell
> slapd from the symas-packages to use my service-keytab?
> 
> I try to add to my /etc/default/symas-openldap:
> -
> KRB5_KTNAME="/path/to/ldap.keytab
> -
> but it's not working.

/etc/sasl2/slapd.conf
mech_list: gssapi digest-md5 cram-md5 external
keytab: /etc/openldap/ldap.keytab

/etc/ldap.conf
KRB5_KTNAME=/etc/openldap/krb5.keytab
SASL_MECH GSSAPI
SASL_REALM My.SASL.REALM

-Dieter

-- 
Dieter Klünter | Systemberatungslapd
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

symas openldap-packages and kerberos

[Stefan Kania]

Hello to all,

I'm trying to get GSSAPI authentication running with the symas-packages.
I generated a ldap.keytab file and it's readable for the ldap-user
running the slapd. With the Debian-packages I ad:
-
export KRB5_KTNAME="/path/to/ldap.keytab"
-

I don't want to use the system keytab /etc/krb5.keytab. How do I tell
slapd from the symas-packages to use my service-keytab?

I try to add to my /etc/default/symas-openldap:
-
KRB5_KTNAME="/path/to/ldap.keytab
-
but it's not working.

Stefan




smime.p7s
Description: S/MIME Cryptographic Signature