On Thu, Dec 30, 2010 at 11:49:23AM -0800, Russ Allbery wrote:
Have you got the one-line patch?
Included below.
Thank you Russ.
Discussed further on kerbe...@mit.edu list, and ticket raised as
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3380
Regards,
Brian.
On Wed, Dec 29, 2010 at 10:21:28AM -0800, Russ Allbery wrote:
My understanding is that modern kerberos apps should just try all keys in
the keytab until they find one which decrypts the ticket.
http://mailman.mit.edu/pipermail/kerberos/2010-December/016797.html
Cyrus SASL doesn't. This
On Wed, Dec 29, 2010 at 05:40:05PM +, Brian Candler wrote:
However I've done some testing, and the interaction between the krb5 default
realm, the olcSaslRealm and the actual realm of the request appears to be
rather bizarre.
I found a hint here:
On Wed, Dec 29, 2010 at 07:57:43AM +0100, Dieter Kluenter wrote:
The default ssf of ldapi is 71, but you may change localSSF in
slapd.conf(5).
[...]
Thank you, that is very clear.
Having changed that, I can use EXTERNAL with minssf=112, but not GSSAPI. I
find that if I set minssf=56 it's
On Tue, Dec 28, 2010 at 02:28:40PM -0800, Howard Chu wrote:
(1) According to the documentation at
http://www.openldap.org/doc/admin24/sasl.html#GSSAPI
then the authentication DN should be
uid=primary[/instance],cn=realm,cn=gssapi,cn=auth
However, running slapd in debug mode I see the
Am Wed, 29 Dec 2010 16:50:17 +
schrieb Brian Candler b.cand...@pobox.com:
On Wed, Dec 29, 2010 at 07:57:43AM +0100, Dieter Kluenter wrote:
The default ssf of ldapi is 71, but you may change localSSF in
slapd.conf(5).
[...]
Thank you, that is very clear.
Having changed that, I can
Dieter Kluenter wrote:
Am Wed, 29 Dec 2010 16:50:17 +
schrieb Brian Candlerb.cand...@pobox.com:
On Wed, Dec 29, 2010 at 07:57:43AM +0100, Dieter Kluenter wrote:
The default ssf of ldapi is 71, but you may change localSSF in
slapd.conf(5).
[...]
Thank you, that is very clear.
Having
Hello,
I'm setting up an openldap server for Kerberos (GSSAPI) authentication only.
I'm using slapd-2.4.21 from Ubuntu 10.04.1.
It's basically working, and I had to do very little other than change
export KRB5_KTNAME in /etc/default/slapd to point to the service keytab.
However, there are a
Supplementary question: I tried to set minssf so as to require encryption,
like this:
# ldapmodify -Y EXTERNAL -H ldapi:/// EOS
dn: cn=config
replace: olcSaslRealm
olcSaslRealm: WS.NSRC.ORG
-
replace: olcSaslSecProps
olcSaslSecProps: noanonymous,noplain,minssf=112
EOS
Unfortunately I now seem to
On Tue, Dec 28, 2010 at 09:26:56AM +, Brian Candler wrote:
(1) According to the documentation at
http://www.openldap.org/doc/admin24/sasl.html#GSSAPI
then the authentication DN should be
uid=primary[/instance],cn=realm,cn=gssapi,cn=auth
However, running slapd in debug mode I see the
Brian Candler wrote:
Hello,
I'm setting up an openldap server for Kerberos (GSSAPI) authentication only.
I'm using slapd-2.4.21 from Ubuntu 10.04.1.
It's basically working, and I had to do very little other than change
export KRB5_KTNAME in /etc/default/slapd to point to the service keytab.
Am Tue, 28 Dec 2010 09:41:33 +
schrieb Brian Candler b.cand...@pobox.com:
Supplementary question: I tried to set minssf so as to require
encryption, like this:
# ldapmodify -Y EXTERNAL -H ldapi:/// EOS
dn: cn=config
replace: olcSaslRealm
olcSaslRealm: WS.NSRC.ORG
-
replace:
12 matches
Mail list logo