22 Aug 10:08
slapd with Kerberos and multihomed host
From: JUNG, Christian <christian.jung <at> saarstahl.com>
Subject: slapd with Kerberos and multihomed host
Newsgroups: gmane.network.openldap.general
Date: 2008-08-22 08:12:46 GMT
Subject: slapd with Kerberos and multihomed host
Newsgroups: gmane.network.openldap.general
Date: 2008-08-22 08:12:46 GMT
Hi, is there a possibility to configure slapd on a multihomed host to authenticate on the different interfaces with different Kerberos principals? Example: one host running linux with two NICs (eth0, eth1) and slapd eth0: IP 10.0.0.23, hostname ldap.sn-1.example.com eth1: IP 10.1.0.42, hostname ldap.sn-2.example.com A client which connects via hostname ldap.sn-1.example.com would request a ticket for the principal ldap/ldap.sn-1.example.com <at> EXAMPLE.COM and one connecting via ldap.sn-2.example.com would request a ticket for ldap/ldap.sn-2.example.com <at> EXAMPLE.COM. Does it suffice to store both keys in the keytab to enable slapd to authenticate for both principals, i.e. does it picks the right key? Which hostname should I define as sasl-host when using SASL to enable plain-text authentication over a SSL-secured connection or is it possible to set multiple sasl-hosts? bye Chris -- -- phone: +49 6898/10-4987 web : www.saarstahl.de mail : Hofstattstraße 106a D 66333 Voelklingen(Continue reading)
RSS Feed