Hi All,

I've added for my needs GSSAPI authentication to the LDAP backend and thought it may be nice to share. I've developed using Heimdal Kerberos, and MIT Kerberos may not work out of the box.

The original patchset was developed against PowerDNS 2.9.22 (the 2.9.22-0* files) and is the most tested. I've ported it to trunk (the trunk-0* files). The only test was "does it compile (y/n)". It does, and as the code is the same it should work fine too.

GSSAPI is controlled by the following configuration directives:

- ldap-bindmethod: 'simple' or 'gssapi', defaulting to 'simple'. The method to use to bind to the LDAP server. 'simple' keeps the original behavior.
- ldap-krb5-keytab: no default. The path to the file holding the keytab to use to get a TGT. This file must only be readable by the PowerDNS account.
- ldap-krb5-ccache: no default, using the Kerberos implementation values. The path to the credentials cache file. If using the default value then credentials will be stored in /tmp/krb5cc_<uid>, which may not be the expected behavior.

Cheers,
Grégory

Attachments:
2.9.22-01-move-connection-creation-code-out-of-ctor.diff.gz
Description: GNU Zip compressed data
2.9.22-02-refactor.diff.gz
Description: GNU Zip compressed data
2.9.22-03-add-simple-authenticator.diff.gz
Description: GNU Zip compressed data
2.9.22-04-add-gssapi-authenticator.diff.gz
Description: GNU Zip compressed data
trunk-01-refactor.diff.gz
Description: GNU Zip compressed data
trunk-02-add-simple-authenticator.diff.gz
Description: GNU Zip compressed data
trunk-03-add-gssapi-authenticator.diff.gz
Description: GNU Zip compressed data
_______________________________________________
Pdns-dev mailing list
http://mailman.powerdns.com/mailman/listinfo/pdns-dev
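An added example, not part of the original post or the patchset: a Python check that a configuration using the three directives described above meets the stated constraints (keytab readable only by the PowerDNS account, credentials cache not left at the /tmp default). The sample configuration, its paths, the `key=value` parsing and the function names are assumptions made for illustration.

```python
import os
import stat

# Constructed sample config; the paths and values are illustrative only.
SAMPLE_CONF = """\
# LDAP backend, GSSAPI bind
ldap-bindmethod=gssapi
ldap-krb5-keytab=/etc/powerdns/pdns.keytab
ldap-krb5-ccache=/var/lib/powerdns/krb5cc
"""

def parse_conf(text):
    """Parse 'key=value' lines; blank lines and '#' comment lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit_gssapi(conf, expected_uid):
    """Return findings for the three directives described in the post."""
    findings = []
    method = conf.get("ldap-bindmethod", "simple")  # post: defaults to 'simple'
    if method not in ("simple", "gssapi"):
        return [f"ldap-bindmethod: unexpected value {method!r}"]
    if method == "simple":
        return findings  # assumed: the Kerberos directives only matter for gssapi
    keytab = conf.get("ldap-krb5-keytab")
    if not keytab:
        findings.append("ldap-krb5-keytab: not set and has no default")
    else:
        try:
            st = os.stat(keytab)
        except OSError as exc:
            findings.append(f"ldap-krb5-keytab: cannot stat {keytab}: {exc.strerror}")
        else:
            if st.st_uid != expected_uid:
                findings.append(f"ldap-krb5-keytab: owned by uid {st.st_uid}, expected {expected_uid}")
            if stat.S_IMODE(st.st_mode) & 0o077:
                findings.append(f"ldap-krb5-keytab: mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    if not conf.get("ldap-krb5-ccache"):
        findings.append("ldap-krb5-ccache: not set, credentials go to /tmp/krb5cc_<uid>")
    return findings

if __name__ == "__main__":
    for finding in audit_gssapi(parse_conf(SAMPLE_CONF), expected_uid=os.getuid()):
        print(finding)
```

Pass the numeric uid of the account PowerDNS runs as for `expected_uid`; an empty result means none of the checks fired.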
