Hello all,

I have an OpenLDAP server that successfully authenticates against a Kerberos setup:

    [EMAIL PROTECTED] ~]$ ldapwhoami -Y GSSAPI
    SASL/GSSAPI authentication started
    SASL username: [EMAIL PROTECTED]
    SASL SSF: 56
    SASL installing layers
    dn:uid=jamie,ou=people,dc=example,dc=com
    Result: Success (0)

When I do not put -Y GSSAPI in, I get:

    [EMAIL PROTECTED] ~]$ ldapwhoami
    ldap_sasl_interactive_bind_s: No such object (32)

Is it possible to force the client or server to use GSSAPI for authentication, so I don't need to write it every time?

In my slapd.conf file I have:

    TLSCertificateFile /etc/openldap/cacerts/newcert.pem
    TLSCertificateKeyFile /etc/openldap/cacerts/newreq.pem
    ...
    sasl-secprops noanonymous,noplain,noactive
    saslRegexp uid=([^/]*),cn=GSSAPI,cn=auth uid=$1,ou=people,dc=example,dc=com

In particular, this sasl-secprops line (according to the website I pilfered it from) should in theory force the use of GSSAPI, but in practice it doesn't.

The reason I wish to force GSSAPI is to make a Java app I need to interoperate with use the right mechanism (i.e. GSSAPI), and hence authenticate against Kerberos via LDAP rather than authenticate against LDAP only.

Thanks for any help.

Jamie