Matt-
I think I see what you're getting at. The k5start tool looks extremely
cool and I think I'll use that. Can I skip using SASL to use this
method of authentication? Or do I still need something like:
    bindmethod=sasl saslmech=GSSAPI
in my syncrepl entry in slapd.conf?
Also, if I use SyncRepl can I skip all the stuff about setting up
replication with slurpd? That would be very nice as that slurpd stuff
looked kind of sticky.
Sorry about the probably basic questions, I'm kind of new to this stuff
and am picking it up on the way.... :)
ciao, erich
Matthew J. Smith wrote:
Erich-
You will need to use the keytab to fetch a TGT for the user account
under which the OpenLDAP server is running. Either a cron-job running
kinit, or k5start (first Google hit:
http://www.eyrie.org/~eagle/software/kstart/k5start.html ) should do the
trick. Assuming you are using SyncRepl, you will need to do this on
each slave LDAP server.
HTH,
-Matt
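
[Added example, not part of either message above: a cron-driven version of the keytab-to-TGT step Matt describes, to be run as the account slapd runs under on each slave. The keytab path, cache path, principal and install path are assumed placeholders.]

```shell
#!/bin/sh
# Added example: keytab-based TGT refresh for the account slapd runs as.
# Paths and principal below are assumed placeholders, not values from the thread.
KEYTAB=${KEYTAB:-/etc/openldap/ldap.keytab}
CCACHE=${CCACHE:-/var/run/openldap/krb5cc_slapd}
PRINCIPAL=${PRINCIPAL:-ldap/replica.example.com@EXAMPLE.COM}

# A keytab holds the principal's long-term key, so reject one that is
# missing or has any group/other permission bit set.
keytab_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Returns 0 when a fresh TGT is in $CCACHE, 2 when the keytab is unsafe,
# 1 when kinit fails or the cache holds no valid ticket afterwards.
refresh_tgt() {
    if ! keytab_is_private "$KEYTAB"; then
        echo "refusing $KEYTAB: missing or accessible to group/other" >&2
        return 2
    fi
    (
        KRB5CCNAME=$CCACHE; export KRB5CCNAME
        kinit -k -t "$KEYTAB" "$PRINCIPAL" && klist -s
    ) || return 1
}

# Example crontab line (assumed install path), in the slapd user's crontab:
#   0 */4 * * * /usr/local/sbin/slapd-tgt.sh run
# slapd must be started with KRB5CCNAME pointing at the same cache.
[ "${1:-}" != "run" ] || refresh_tgt
```

The cron interval has to be shorter than the ticket lifetime the KDC issues, otherwise the slave's GSSAPI bind fails between runs.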