I stuff the LDAP env vars before I start krb5kdc:

/etc/sysconfig$ cat krb5kdc
KRB5KDC_ARGS=
KRB5REALM=
LDAPTLS_CERT=/var/cosign/crt/ldap-client-krbkdc.crt; export LDAPTLS_CERT
LDAPTLS_KEY=/var/cosign/crt/ldap-client-krbkdc.key; export LDAPTLS_KEY
LDAPSASL_MECH=EXTERNAL; export LDAPSASL_MECH
DAEMON_COREFILE_LIMIT=unlimited

I can test this by setting them in the shell and using ldapvi -d -Y EXTERNAL, and it'll tell you who you're connected as, which comes from the CN=blah,O=blah in the certs. Then you have to set up your dbmodules in kdc.conf.

Chris

On 2011/10/03 10:35, Tom Parker wrote:
> Good Afternoon.
>
> I am having problems getting my krb5kdc to talk to an LDAP server
> protected with StartTLS on port 389.
>
> I am not sure how to tell my kdc in kdc.conf to use TLS with a specific
> CA certificate.
>
> Is this possible, and if so, how?
>
> Thanks a lot.
>
> Tom Parker
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
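A preflight check for the approach Chris describes, added here as an example and not taken from the thread: it sources a sysconfig-style file, asks a child process which variables it inherited (the way krb5kdc inherits them from its init script), checks that the client key is not group- or world-readable, and prints an equivalent ldapwhoami test. The LDAPTLS_CACERT variable, the CA path and the ldap.example.com host are assumptions, not from the thread.

```shell
# Added example (not Chris's script): preflight check for the env-var setup.
# A line like "LDAPTLS_CERT=/x" without "; export LDAPTLS_CERT" sets a shell
# variable that never reaches the daemon, so the check reads the values from
# a *child* process rather than from the sourcing shell itself.
kdc_ldap_env_check() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    (
        . "$conf" || exit 1
        # What a child process (krb5kdc) would actually inherit.
        cert=$(sh -c 'printf %s "$LDAPTLS_CERT"')
        key=$(sh -c 'printf %s "$LDAPTLS_KEY"')
        mech=$(sh -c 'printf %s "$LDAPSASL_MECH"')
        rc=0
        [ -n "$cert" ] || { echo "LDAPTLS_CERT not exported" >&2; rc=1; }
        [ -n "$key" ]  || { echo "LDAPTLS_KEY not exported" >&2; rc=1; }
        [ "$mech" = EXTERNAL ] || { echo "LDAPSASL_MECH is '$mech', expected EXTERNAL" >&2; rc=1; }
        [ $rc -eq 0 ] || exit $rc
        for f in "$cert" "$key"; do
            [ -r "$f" ] || { echo "$f: not readable" >&2; rc=1; }
        done
        # The client private key identifies the KDC to the directory; columns
        # 5-10 of "ls -l" are the group and other permission bits, which must
        # all be off.
        if [ -e "$key" ]; then
            go=$(ls -ld "$key" | cut -c5-10)
            [ "$go" = "------" ] || { echo "$key: mode too open ($go)" >&2; rc=1; }
        fi
        [ $rc -eq 0 ] || exit $rc
        # Same test Chris describes, using ldapwhoami instead of ldapvi.
        # -ZZ forces StartTLS on port 389 (Tom's setup). LDAPTLS_CACERT is the
        # OpenLDAP client variable for the CA bundle; path and host are assumed.
        echo "LDAPTLS_CACERT=/path/to/ca.crt ldapwhoami -Y EXTERNAL -ZZ -H ldap://ldap.example.com"
    )
}
```

Run it as `kdc_ldap_env_check /etc/sysconfig/krb5kdc` before starting the KDC; the printed ldapwhoami command should answer with the DN that the certificate's subject maps to.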
