Indexer wrote:
Hi, I'm attempting to use Kerberos as a password storage backend in my LDAP server. I have the server set up with its own principal of the form ldap/domainn...@realm, and this keytab is in the KRB5_KTNAME environment variable as slapd starts. I have put olcSaslRealm=REALM and olcSaslHost=kdc.domain into my cn=config. Then, I have uid=user, where the userPassword attribute is {kerberos}u...@realm
Who told you to do that? There is no such password scheme in any OpenLDAP documentation.
When attempting to bind to this user, it seems to fail. When I reset the password to a standard SSHA hash, it authenticates correctly. I can authenticate with Kerberos to the host that the LDAP enabled client, but I just cannot use LDAP with the Kerberos password backend. Any help in solving what else I need to do in this would be greatly appreciated.
William Brown
pgp.mit.edu
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
