>>> Dieter Klünter <die...@dkluenter.de> schrieb am 18.12.2021 um 07:28 in Nachricht <20211218072816.769b4...@pink.fritz.box>: > Am Fri, 17 Dec 2021 16:34:41 +0100 > schrieb Stefan Kania <ste...@kania-online.de>: > >> Hello to all, >> >> I'm trying to get GSSAPI authentication running with the >> symas-packages. I generated a ldap.keytab file and it's readable for >> the ldap-user running the slapd. With the Debian-packages I ad: >> --------- >> export KRB5_KTNAME="/path/to/ldap.keytab" >> --------- >> >> I don't want to use the system keytab /etc/krb5.keytab. How do I tell >> slapd from the symas-packages to use my service-keytab? >> >> I try to add to my /etc/default/symas-openldap: >> --------- >> KRB5_KTNAME="/path/to/ldap.keytab >> --------- >> but it's not working. > > /etc/sasl2/slapd.conf > mech_list: gssapi digest-md5 cram-md5 external > keytab: /etc/openldap/ldap.keytab > > /etc/ldap.conf > KRB5_KTNAME=/etc/openldap/krb5.keytab > SASL_MECH GSSAPI > SASL_REALM My.SASL.REALM
Dieter, I wonder: Did you "just know", or is that documented somewhere? If the latter, maybe also add where you found those pearls of wisdom. Regards, Ulrich > > -Dieter > > -- > Dieter Klünter | Systemberatungslapd > GPG Key ID: E9ED159B > 53°37'09,95"N > 10°08'02,42"E