On Wed, 19 Jan 2011 16:18:09 +0000 JR Aquino <[email protected]> wrote:
> On 1/18/11 4:02 PM, "Simo Sorce" <[email protected]> wrote:
>
> >We need to use authenticated ldap binds in init scripts as otherwise
> >starting components fails when the option to restrict anonymous
> >access to ldap is set.
> >
> >In order to do that we need to also start the KDC unconditionally, so
> >it has been removed from the list of services retrieved from ldap and
> >always started/stopped/restarted explicitly in the script.
> >This is necessary so the script can obtain kerberos credentials to
> >bind to ds using its keytab.
> >
> >Fixes ticket #795
> >
> >Simo.
> >
> >--
> >Simo Sorce * Red Hat, Inc * New York
> >_______________________________________________
> >Freeipa-devel mailing list
> >[email protected]
> >https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> ACK

Thanks but Rich pointed me to the docs I couldn't find earlier in order
to use SASL/EXTERNAL instead of actual credentials.

So I'll hold on this patch and try to propose an alternative that does
not require SASL/GSSAPI auth.
If that will be possible and satisfactory I will retire this patch and
propose a new one, otherwise I'll push this one.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
