14 May
2020
14 May
'20
10:37 a.m.
On Thu, May 14, 2020 at 1:29 PM Andreas Hasenack andreas@canonical.com wrote:
Hi,
On Thu, May 14, 2020 at 2:27 PM Braiam braiamp@gmail.com wrote:
I'm using Debian stable, slapd=2.4.47+dfsg-3+deb10u1, libsasl2-modules-gssapi-heimdal=2.1.27+dfsg-1+deb10u1.
debian@ldap01:~$ sudo ktutil -k /etc/krb5.keytab list /etc/krb5.keytab:
Can the slapd user read this keytab file?
Yes, it can.
debian@ldap01:~$ getfacl /etc/krb5.keytab getfacl: Removing leading '/' from absolute path names # file: etc/krb5.keytab # owner: root # group: root user::rw- user:openldap:r-- group::--- mask::r-- other::---
--
Braiam