Hi Gregory! Many thanks for this!

Nick, as you "own" the LDAP backend now, could you let me know your thoughts?
You can get the patches from the pdns-dev archive which can be found from
wiki.powerdns.com.

Thanks.




On Mon, Jul 18, 2011 at 09:51:35PM +0200, Grégory Oestreicher wrote:
> Hi All,
> 
> I've added for my needs GSSAPI authentication to the LDAP backend and thought 
> it may be nice to share. I've developed using Heimdal Kerberos, and MIT 
> Kerberos may not work out of the box.
> 
> The original patchset was developed against PowerDNS 2.9.22 (the 2.9.22-0*
> files) and is the most tested. I've ported it to trunk (the trunk-0* files).
> The only test was "does it compile (y/n)". It does, and as the code is the
> same it should work fine too.
> 
> GSSAPI is controlled by the following configuration directives:
> 
> - ldap-bindmethod: 'simple' or 'gssapi', defaulting to 'simple'. The method
>   to use to bind to the LDAP server. 'simple' keeps the original behavior.
> 
> - ldap-krb5-keytab: no default. The path to the file holding the keytab to
>   use to get a TGT. This file must only be readable by the PowerDNS account.
> 
> - ldap-krb5-ccache: no default, using the Kerberos implementation values. The
>   path to the credentials cache file. If using the default value then
>   credentials will be stored in /tmp/krb5cc_<uid>, which may not be the
>   expected behavior.
> 
> Cheers,
> Grégory








> _______________________________________________
> Pdns-dev mailing list
> Pdns-dev@mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-dev
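
A small audit of the three directives described in the quoted mail, added here as an example; it is not part of Grégory's patch or of PowerDNS. It assumes pdns.conf's `key=value` syntax; the function names, the sample config and the keytab path are constructed for illustration, and the PowerDNS account's uid is supplied by the caller.

```python
import os
import stat

def parse_pdns_conf(text):
    """Parse pdns.conf-style 'key=value' lines; '#' comments and blanks are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_gssapi(settings, pdns_uid):
    """Return a list of findings for the three directives named in the mail."""
    findings = []
    method = settings.get("ldap-bindmethod", "simple")  # default stated in the mail
    if method not in ("simple", "gssapi"):
        findings.append(f"ldap-bindmethod: unexpected value {method!r}")
    if method != "gssapi":
        return findings  # keytab and ccache only matter for GSSAPI binds
    keytab = settings.get("ldap-krb5-keytab")
    if not keytab:
        findings.append("ldap-krb5-keytab: not set, and it has no default")
    else:
        try:
            st = os.stat(keytab)
        except OSError as exc:
            findings.append(f"ldap-krb5-keytab: cannot stat {keytab}: {exc.strerror}")
        else:
            if st.st_uid != pdns_uid:
                findings.append(f"ldap-krb5-keytab: owned by uid {st.st_uid}, not {pdns_uid}")
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                mode = stat.S_IMODE(st.st_mode)
                findings.append(f"ldap-krb5-keytab: mode {mode:04o} grants group/other access")
    if not settings.get("ldap-krb5-ccache"):
        findings.append("ldap-krb5-ccache: not set, credentials land in /tmp/krb5cc_<uid>")
    return findings

if __name__ == "__main__":
    # Constructed sample config; the keytab path is a placeholder.
    sample = """
    # LDAP backend, GSSAPI bind
    ldap-bindmethod=gssapi
    ldap-krb5-keytab=/nonexistent/pdns.keytab
    """
    for finding in audit_gssapi(parse_pdns_conf(sample), os.getuid()):
        print("FINDING:", finding)
```

Run it as the PowerDNS account (or pass that account's uid) so the ownership check compares against the right user.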
