On Fri, Jun 01, 2007 at 04:52:56PM -0700, Russ Allbery wrote: > > I'm using OpenLDAP with GSSAPI authentication.
> > Is it possible to specify the keytab file to use with an option like: > > keytab-file /etc/ldap/ldap.keytab > > for example ? > > It will permit to use different keytab for each services, for now I add > > export KRB5_KTNAME="FILE:/etc/ldap/ldap.keytab" > > to the /etc/default/slapd file. > GSSAPI doesn't really expose an API to set the keytab to use, and > OpenLDAP's use of GSSAPI is additional through several levels of > indirection through various libraries, so it would be difficult to > implement this as a slapd.conf option (apart from having slapd set the > environment variable itself, which seems like a hack). > Setting KRB5_KTNAME is really the supported mechanism for this. > I've added a commented-out example in /etc/default/slapd for setting this > variable as documentation. Yep, this is what I'm doing too FWIW, I agree setting an example is the best solution here. I'll go back to silently watching your great triage work now :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
