That is very close, though I'll make one minor correction. >From Samba to OpenLDAP via TLS uses smbldap-tools and doesn't need SASL. SASL with the GSSAPI mechanism will be what is used when the LDAP server asks the Kerberos KDC if the password is valid.
Jeffrey Altman wrote: > Let me rephrase what you are attempting to do. You want to > authenticate the LDAP query from the Samba client to the OpenLDAP > server by sending a username and password from Samba to OpenLDAP over > a TLS protected connection using SASL. > > Instead of the LDAP server storing the password and using that for > authentication, you want to have the LDAP server ask the Kerberos KDC > if the password is valid. > Please confirm that this is your desire. > > -- Wes Modes Server Administrator & Programmer Analyst McHenry Library Computing & Network Services Information and Technology Services 459-5208 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos