Dieter Klünter dieter@dkluenter.de wrote on 18.12.2021 at 07:28 in
message 20211218072816.769b483e@pink.fritz.box:
On Fri, 17 Dec 2021 16:34:41 +0100, Stefan Kania stefan@kania-online.de wrote:
Hello to all,
I'm trying to get GSSAPI authentication running with the symas-packages. I generated an ldap.keytab file and it's readable for the ldap-user running the slapd. With the Debian-packages I add:
export KRB5_KTNAME="/path/to/ldap.keytab"
I don't want to use the system keytab /etc/krb5.keytab. How do I tell slapd from the symas-packages to use my service-keytab?
I tried to add to my /etc/default/symas-openldap:
KRB5_KTNAME="/path/to/ldap.keytab
but it's not working.
/etc/sasl2/slapd.conf
mech_list: gssapi digest-md5 cram-md5 external
keytab: /etc/openldap/ldap.keytab

/etc/ldap.conf
KRB5_KTNAME=/etc/openldap/krb5.keytab
SASL_MECH GSSAPI
SASL_REALM My.SASL.REALM
Dieter,
I wonder: Did you "just know", or is that documented somewhere? If the latter, maybe also add where you found those pearls of wisdom.
Regards, Ulrich
-Dieter
-- Dieter Klünter | Systemberatungslapd GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E