As you know, on each client machine, I type "setup" and go into "Authentication Configuration", then fill in information about the Kerberos and LDAP servers.
And so, my users can log in to our Kerberos & LDAP system.

After login, users must get a ticket to use LDAP services by issuing the command "kinit" and then typing their Kerberos password. After getting their tickets, they can use LDAP services.
I have tested this with "ldapwhoami" and got the proper user information (which belongs to LDAP).
And I have only a password on Kerberos for each user.
If I am wrong, please show me :)
Could you explain to me how SASL gets involved in this?

Thank you.


2008/6/30 Martin Simovic <msimovic@concurrent-thinking.com>:
On Mon, 2008-06-30 at 09:48 +0700, Le Trung Kien wrote:
> Hi everyone,
>
> I have built up one server with OpenLDAP, Cyrus SASL, MIT Kerberos V.
> Now, my server can authenticate users.
> In "Authentication Configuration", I set option information for the LDAP
> server and the Kerberos server. And I could log in with accounts (Kerberos
> principals) which are created through Kerberos. And user information can be
> obtained from the LDAP server.
> But it seems to be only OpenLDAP and Kerberos that work together.
> I can't figure out what the SASL role is in this strategy, and how it
> affects my system.
> When I attempt to set up phpldapadmin, I must configure the SASL option, but I
> don't know how SASL works with LDAP in this strategy?
>
> --
> Le Trung Kien.

Hi,

Regarding your setup, SASL can be useful to let your users
authenticate to LDAP with their Kerberos password.
SASL actually glues the authentication (Kerberos) with the
authorization (LDAP).

How do your users authenticate to LDAP? Do you have different passwords
on LDAP accounts and on Kerberos principals? If you do, then your SASL
glue (pass-through authentication) is not set up properly.

M.




--
Le Trung Kien.
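
Added example (not part of the original thread and not OpenLDAP's own code): a small Python model of the "glue" discussed above, showing how a Kerberos principal that binds with SASL/GSSAPI becomes an authentication request DN under cn=auth and how an authz-regexp style rule maps it to a directory entry. The realm, the ou=people,dc=example,dc=com suffix, the rule and the function names are constructed for illustration.

```python
import re

def sasl_authc_dn(principal, default_realm, mech="gssapi"):
    """Authentication request DN slapd forms for a SASL identity:
    uid=<user>[,cn=<realm>],cn=<mech>,cn=auth (realm omitted when default)."""
    user, _, realm = principal.partition("@")
    rdns = ["uid=" + user]
    if realm and realm.lower() != default_realm.lower():
        rdns.append("cn=" + realm.lower())
    return ",".join(rdns + ["cn=" + mech, "cn=auth"])

def map_to_entry_dn(authc_dn, rules):
    """Model of authz-regexp: the first rule whose pattern matches rewrites the DN.
    Simplification: patterns are Python regexes matched against the whole DN."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, authc_dn, flags=re.IGNORECASE)
        if m:
            # authz-regexp writes groups as $1; Python's template wants \g<1>
            return m.expand(re.sub(r"\$(\d)", r"\\g<\1>", replacement))
    return authc_dn  # no rule matched: identity stays under cn=auth

# Constructed sample values (assumptions, not taken from the thread)
DEFAULT_REALM = "EXAMPLE.COM"
RULES = [
    # Only principals of the default realm map to local entries; a pattern
    # that ignored the realm RDN would also map foreign-realm principals.
    (r"uid=([^,]+),cn=gssapi,cn=auth", "uid=$1,ou=people,dc=example,dc=com"),
]

if __name__ == "__main__":
    for princ in ("kien@EXAMPLE.COM", "kien@OTHER.ORG"):
        dn = sasl_authc_dn(princ, DEFAULT_REALM)
        print(princ, "->", dn, "->", map_to_entry_dn(dn, RULES))
```

The mapped DN is the identity that LDAP access control is then evaluated against, which is why no separate LDAP password is needed once the Kerberos ticket exists.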