On 22/12/2010, at 20:30, Jörg Herzinger wrote:
Hi, I've been running openLDAP with GSSAPI authentication for quite a while now and everything has been running quite fine. Over the last few days I tried enabling SASL password auth as described in [1]. Now password authentication works fine, but it seems that GSS somehow has been disabled:
root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
dn:
While without SASL enabled I get:
root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
Is it possible to enable both GSS and SASL pass-through auth? I checked the documentation and couldn't find a clue whether it is or not.
It is. I do it. Just follow both setups and they don't interfere with each other.
To clarify, this means SASL passthrough (aka userPassword: {SASL}user@realm) and GSSAPI are what you want, correct?
openLDAP version is 2.4.11 on Debian Lenny, Kerberos is MIT version 1.6 also on Lenny. Slapd config can be found here [2]
tia, Jörg Herzinger
[1] http://www.openldap.org/doc/admin24/security.html#Pass-Through authentication
[2] https://github.com/joerg/global2000-puppet/blob/master/modules/ldapserver/te...
William Brown
pgp.mit.edu