On Tue, 22 Nov 2005, Sam Hartman wrote:

> From: Sam Hartman <[EMAIL PROTECTED]>
> To: Turbo Fredriksson <[EMAIL PROTECTED]>
> Cc: [email protected]
> Date: Tue, 22 Nov 2005 05:38:58 -0500
> Subject: Re: that interop mess: ldap, samba, kerberos
>
> >>>>> "Turbo" == Turbo Fredriksson <[EMAIL PROTECTED]> writes:
>
>     Turbo> Eh... What? From what I know, slapd don't have any means of
>     Turbo> specifying a keytab so even if you create one, slapd won't
>     Turbo> use it...
>
> Well, slapd may be buggy. I'd like to think that saslauthd isn't
> buggy in this way.
> Cmu folks?

saslauthd certainly isn't buggy in this way. The Zanarotti, or
screensaver, attack is avoided. We make extensive use of saslauthd
here and the KerberosV logs clearly show a ticket-granting ticket
(krbtgt/[EMAIL PROTECTED]) being acquired and then used to acquire
host/[EMAIL PROTECTED] credentials. The saslauthd code caters for
both the Heimdal and MIT Kerberos libraries.

We're also using OpenLDAP with KerberosV. That's showing the above
correct behaviour when authenticating users. I wasn't responsible
for building the servers so I'm not that familiar with the code.
But I suspect that it may well be using saslauthd.

--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]               Phone: +44 1225 386101

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
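
The log pattern described in the message above (a krbtgt ticket, then a host/ ticket obtained with it) can be checked mechanically. This is an added example, not part of the original message or of saslauthd. It assumes log lines shaped like MIT krb5kdc "ISSUE" entries; the principals, addresses and the `unverified_logins` helper are constructed for illustration.

```python
import re

# Constructed sample lines (assumed MIT krb5kdc "ISSUE" layout).
# 192.0.2.10 verifies the KDC after the password check; 192.0.2.20 does not;
# 198.51.100.5 is a workstation running a plain kinit and is out of scope.
SAMPLE_LOG = """\
Nov 22 10:00:01 kdc krb5kdc[411](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1132653601, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Nov 22 10:00:01 kdc krb5kdc[411](info): TGS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1132653601, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.ORG for host/auth1.example.org@EXAMPLE.ORG
Nov 22 10:05:00 kdc krb5kdc[411](info): AS_REQ (2 etypes {18 17}) 192.0.2.20: ISSUE: authtime 1132653900, etypes {rep=18 tkt=18 ses=18}, bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Nov 22 10:06:00 kdc krb5kdc[411](info): AS_REQ (2 etypes {18 17}) 198.51.100.5: ISSUE: authtime 1132653960, etypes {rep=18 tkt=18 ses=18}, carol@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
"""

ISSUE_RE = re.compile(
    r"(AS_REQ|TGS_REQ) \(.*?\) (\S+): ISSUE: authtime (\d+), .*?, (\S+) for (\S+)$"
)

def unverified_logins(log_text, verifier_addrs, service_prefix="host/"):
    """Return (client, addr, authtime) for each TGT issued to a verifying
    server that was never used to fetch a service_prefix ticket."""
    as_reqs, verified = [], set()
    for line in log_text.splitlines():
        m = ISSUE_RE.search(line)
        if not m:
            continue  # not an ISSUE line (errors, preauth failures, ...)
        kind, addr, authtime, client, server = m.groups()
        # A service ticket carries the authtime of the TGT it was derived
        # from, so (client, address, authtime) ties the two requests together.
        key = (client, addr, int(authtime))
        if kind == "AS_REQ" and server.startswith("krbtgt/") and addr in verifier_addrs:
            as_reqs.append(key)
        elif kind == "TGS_REQ" and server.startswith(service_prefix):
            verified.add(key)
    return [k for k in as_reqs if k not in verified]

if __name__ == "__main__":
    for client, addr, authtime in unverified_logins(SAMPLE_LOG, {"192.0.2.10", "192.0.2.20"}):
        print(f"no host/ ticket followed TGT: {client} from {addr} (authtime {authtime})")
```

`verifier_addrs` should list only the servers that check passwords against the KDC; ordinary client logins also produce an AS_REQ with no host/ ticket behind it.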
