"Le Trung Kien" aloneattack@gmail.com writes:
As you know, on each client machine, I type "setup" and go in "Authentication Configuration" then fill up information about kerberos and ldap server. And so, my users could login our Kerberos&LDAP system.
after login, users must get ticket to use ldap services by emit command : "kinit" then type their kerberos password. After get their tickets, they can use ldap services. I have tested this with "ldapwhoami" and get the proper user information (which belongs to ldap). And I have only password on Kerberos for each user. If I were wrong, please show me :) Could you explain to me how SASL gets involved in this ?
It is the SASL Mechanism GSSAPI that comes into the game. Your users may connect to any network oriented service like smtp, imap, ldap by calling the GSSAPI mechanism.
-Dieter