[Pkg-openldap-devel] Bug#412017: slapd: Add an option to specify the Kerberos keytab to use

Russ Allbery rra at debian.org
Fri Jun 1 23:52:56 UTC 2007


> I'm using OpenLDAP with GSSAPI authentication.
> 
> Is it possible to specify the keytab file to use with an option like:
> keytab-file /etc/ldap/ldap.keytab
> 
> for example?
> 
> It will permit the use of a different keytab for each service; for now I add
> export KRB5_KTNAME="FILE:/etc/ldap/ldap.keytab"
> 
> to the /etc/default/slapd file.

GSSAPI doesn't really expose an API to set the keytab to use, and
OpenLDAP's use of GSSAPI is additionally through several levels of
indirection through various libraries, so it would be difficult to
implement this as a slapd.conf option (apart from having slapd set the
environment variable itself, which seems like a hack).

Setting KRB5_KTNAME is really the supported mechanism for this.

I've added a commented-out example in /etc/default/slapd for setting this
variable as documentation.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
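
An added example, not part of the original message or of the Debian package: a shell check that a defaults file such as /etc/default/slapd really sets KRB5_KTNAME to a dedicated keytab and that the keytab is not accessible to group or others. The function names and return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the KRB5_KTNAME setting in a slapd defaults file.
# Function names and return codes are hypothetical, chosen for this example.

# Print the keytab path configured in the defaults file given as $1.
# Prints nothing if KRB5_KTNAME is absent or only in a commented-out line.
keytab_from_defaults() {
    sed -n 's/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}KRB5_KTNAME=//p' "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/" \
            -e 's/^FILE://' -e 's/^WRFILE://'
}

# Check the keytab named in the defaults file given as $1.
# Prints the keytab path and returns 0 when it is a private regular file.
#   1 = KRB5_KTNAME not set (the Kerberos library default would be used)
#   2 = keytab missing, a symlink, or not a regular file
#   3 = keytab has group or other permission bits set
check_slapd_keytab() {
    kt=$(keytab_from_defaults "$1")
    [ -n "$kt" ] || { echo "KRB5_KTNAME is not set in $1" >&2; return 1; }
    [ -f "$kt" ] && [ ! -L "$kt" ] || {
        echo "$kt is missing or not a regular file" >&2
        return 2
    }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$kt" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$kt is accessible beyond its owner ($perms)" >&2
        return 3
    }
    echo "$kt"
}
```

Run it as `check_slapd_keytab /etc/default/slapd` after editing the file; checking that the keytab's owner is the account slapd runs as is left to the administrator.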



