> I'm using OpenLDAP with GSSAPI authentication.
>
> Is it possible to specify the keytab file to use with an option like:
> keytab-file /etc/ldap/ldap.keytab
>
> for example?
>
> It will permit the use of a different keytab for each service; for now I add
> export KRB5_KTNAME="FILE:/etc/ldap/ldap.keytab"
>
> to the /etc/default/slapd file.

GSSAPI doesn't really expose an API to set the keytab to use, and OpenLDAP's use of GSSAPI is additionally through several levels of indirection through various libraries, so it would be difficult to implement this as a slapd.conf option (apart from having slapd set the environment variable itself, which seems like a hack).

Setting KRB5_KTNAME is really the supported mechanism for this. I've added a commented-out example in /etc/default/slapd for setting this variable as documentation.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
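
A pre-flight check for the per-service keytab before KRB5_KTNAME is set in /etc/default/slapd, as an added example that is not part of the original message or of the Debian package. The function name `keytab_export_line` and the permission policy (no group write, no access for others) are assumptions, and GNU `stat` is assumed.

```shell
# Added example (not from the thread): validate a service keytab and print
# the line to place in /etc/default/slapd. The function name and the
# permission policy are assumptions; GNU stat (as on Debian) is assumed.
#
# Usage: keytab_export_line /etc/ldap/ldap.keytab
# Returns 0 and prints the export line, or returns 1 with a reason on stderr.
keytab_export_line() {
    kt=$1

    # A relative path would depend on the init script's working directory.
    case $kt in
        /*) ;;
        *) echo "keytab path must be absolute: $kt" >&2; return 1 ;;
    esac

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "not a regular file: $kt" >&2
        return 1
    fi

    # The keytab holds the service's long-term keys: reject group write
    # and any access for others (octal mask 027).
    mode=$(stat -c '%a' "$kt") || return 1
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "keytab $kt has mode $mode; expected 600 or 640" >&2
        return 1
    fi

    printf 'export KRB5_KTNAME="FILE:%s"\n' "$kt"
}
```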