On Fri, 17 Dec 2021 16:34:41 +0100, Stefan Kania stefan@kania-online.de wrote:
Hello to all,
I'm trying to get GSSAPI authentication running with the symas-packages. I generated a ldap.keytab file and it's readable for the ldap-user running the slapd. With the Debian-packages I add:
export KRB5_KTNAME="/path/to/ldap.keytab"
I don't want to use the system keytab /etc/krb5.keytab. How do I tell slapd from the symas-packages to use my service-keytab?
I try to add to my /etc/default/symas-openldap:
KRB5_KTNAME="/path/to/ldap.keytab
but it's not working.
/etc/sasl2/slapd.conf
mech_list: gssapi digest-md5 cram-md5 external
keytab: /etc/openldap/ldap.keytab

/etc/ldap.conf
KRB5_KTNAME=/etc/openldap/krb5.keytab
SASL_MECH GSSAPI
SASL_REALM My.SASL.REALM
-Dieter