>> Dieter Klünter <dieter(a)dkluenter.de> wrote on 18.12.2021 at 07:28
in message <20211218072816.769b483e(a)pink.fritz.box>:
On Fri, 17 Dec 2021 16:34:41 +0100
Stefan Kania <stefan(a)kania-online.de> wrote:
> Hello to all,
>
> I'm trying to get GSSAPI authentication running with the
> symas-packages. I generated a ldap.keytab file and it's readable for
> the ldap-user running the slapd. With the Debian-packages I add:
> ---------
> export KRB5_KTNAME="/path/to/ldap.keytab"
> ---------
>
> I don't want to use the system keytab /etc/krb5.keytab. How do I tell
> slapd from the symas-packages to use my service-keytab?
>
> I try to add to my /etc/default/symas-openldap:
> ---------
> KRB5_KTNAME="/path/to/ldap.keytab
> ---------
> but it's not working.

/etc/sasl2/slapd.conf
mech_list: gssapi digest-md5 cram-md5 external
keytab: /etc/openldap/ldap.keytab

/etc/ldap.conf
KRB5_KTNAME=/etc/openldap/krb5.keytab
SASL_MECH GSSAPI
SASL_REALM My.SASL.REALM

Dieter,
I wonder: Did you "just know", or is that documented somewhere? If the latter,
maybe also add where you found those pearls of wisdom.
Regards,
Ulrich

-Dieter
--
Dieter Klünter | Systemberatungslapd
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
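
An added example, not part of the thread and not code from the Symas or Debian packages: two shell functions that sanity-check a KRB5_KTNAME setting like the ones quoted above. They catch an unbalanced quote in the environment file, and a keytab file that lacks the keytab version bytes or is accessible beyond its owner and group. The function names are hypothetical, and the environment file is assumed to hold plain KEY=VALUE lines.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the environment file holds
# shell-style KEY=VALUE lines, optionally prefixed with "export".

# Print the value of the last KRB5_KTNAME assignment in env file $1.
# Returns 1 if the variable is not set, 2 if its quoting is unbalanced.
ktname_from_envfile() {
    line=$(grep -E '^[[:space:]]*(export[[:space:]]+)?KRB5_KTNAME=' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    val=${line#*=}
    case $val in
        \"*\") val=${val#\"}; val=${val%\"} ;;
        \'*\') val=${val#\'}; val=${val%\'} ;;
        \"*|*\"|\'*|*\') return 2 ;;
    esac
    printf '%s\n' "$val"
}

# Check keytab $1: regular file, keytab version bytes (0x05 0x02), no access
# for "other", no write access for the group. Prints one line per problem
# and returns the number of problems found.
check_keytab() {
    kt=$1
    problems=0
    if [ ! -f "$kt" ]; then
        echo "$kt: not a regular file"
        return 1
    fi
    magic=$(od -An -tx1 -N2 "$kt" | tr -d ' \n')
    if [ "$magic" != "0502" ]; then
        echo "$kt: does not start with keytab version 0x0502"
        problems=$((problems + 1))
    fi
    perms=$(ls -ld "$kt" | cut -c1-10)   # e.g. -rw-r-----
    case $perms in
        ???????---) ;;
        *) echo "$kt: accessible by other users ($perms)"
           problems=$((problems + 1)) ;;
    esac
    case $perms in
        ?????w*) echo "$kt: group-writable ($perms)"
                 problems=$((problems + 1)) ;;
    esac
    return "$problems"
}
```

After sourcing the file, `check_keytab "$(ktname_from_envfile /etc/default/symas-openldap)"` runs both checks against the file named in the thread; whether the account running slapd can read the keytab still has to be verified as that account.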