"JUNG, Christian" <[EMAIL PROTECTED]> writes: > Hi, > > is there a possibility to configure slapd on a multihomed host to > authenticate on the different interfaces with different Kerberos > principals? > > Example: > one host running linux with two NICs (eth0, eth1) and slapd > eth0: IP 10.0.0.23, hostname ldap.sn-1.example.com > eth1: IP 10.1.0.42, hostname ldap.sn-2.example.com > > A client which connects via hostname ldap.sn-1.example.com would > request a ticket for the principal > ldap/[EMAIL PROTECTED] and one connecting via > ldap.sn-2.example.com would request a ticket for > ldap/[EMAIL PROTECTED]
You may run 2 different instances of slapd, the second instance as proxy. > Does it suffice to store both keys in the keytab to enable slapd to > authenticate for both principals, i.e. does it picks the right key? yes, if your system is setup accordingly. > Which hostname should I define as sasl-host when using SASL to enable > plain-text authentication over a SSL-secured connection or is it > possible to set multiple sasl-hosts? As default slapd uses hostname (gethostbyname(3)) as sasl host. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6
