Hi, Directory developers, As part of documenting practical uses of Apache Directory for Kerberos authentication, I got Kerberos authentication to OpenLDAP working. This uses the "SASL+GSS-API+Kerberos V5" mechanism. The "three-headed" Kerberos setup I tested was (1) OpenLDAP clients (2) OpenLDAP server and (3) Apache Directory. In this configuration, Apache Directory is being used as the KDC while OpenLDAP is a "service" or "relying party." The clients are the usual 'ldapsearch', etc.
I put the notes I have so far in DIRxSBOX at: http://cwiki.apache.org/confluence/display/DIRxSBOX/Kerberos+Authentication+to+OpenLDAP I still need to clean up my sample LDIFs. Enrique