You should check the iplanet rootdse ... AFAIK they don't support the SASL GSSAPI mechanism, although PADL software has a plugin that they will sell you ... I think it's 2K per server.
==D ---- Original message ---- >Date: 15 Feb 2002 13:21:38 -0500 >From: Sam Hartman <[EMAIL PROTECTED]> >Subject: Re: single sign-on with kerberos V5 and ldap >To: "Klaas Hagemann" <[EMAIL PROTECTED]> >Cc: <[EMAIL PROTECTED]> > >>>>>> "Klaas" == Klaas Hagemann <[EMAIL PROTECTED]> writes: > > Klaas> hi there, > > Klaas> i have still a problem with kerberos and ldap. > > Klaas> i have got a ldap v3 directory (netscape iplanet) with all my user = > Klaas> information. > Klaas> now i want to make singel sign on using kerberos V.=20 > Klaas> how can i make kerberos storing all the keys in the ldap directory? > > Klaas> the user should log on using kerberos, kerberos should ask the ldap = > Klaas> directory for this user. > > >Briefly, you don't actually want this configuration; it is not >necessary for single sign-on, and adds your LDAP database to your >security authentication/auditing domain. With most configurations it >also significantly increases how paranoid you need to be about LDAP >backups. > > >_______________________________________________ >Kerberos mailing list >[EMAIL PROTECTED] >http://mailman.mit.edu/mailman/listinfo/kerberos Darryl C Price Conversant Systems, LLC Email: [EMAIL PROTECTED] Phone: (513)768-3120 Fax: (513)984-3947 Web: http://www.convsys.com _______________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
