Alexander Tamm <[EMAIL PROTECTED]> writes: > Hi, > > I'm struggling with the documentation for OpenLDAP, SASL, kerberos and > whatnot. Basically, I'm trying to create a directory which authenticates > on a AD-service using kerberos. I have a working kerberos solution for > dovecot IMAP, which authenticats from an AD KDC. I guess what I'm asking > is this: is it actually possible for OpenLDAP to function as a kerberos > client? I haven't really found any information which would explicitly > confirm this. The documentation I find mostly seems to indicate that I > need to setup a new KDC.
You may use sasl gssapi mechanism, but you have to tweak AD to create service and host principals and tickets. I have done it, so it is possible :-) -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6
