SASL

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Apr 22 21:46:33 CEST 2015


> On 22 Apr 2015, at 18:56, Brendan Kearney <bpk678 at gmail.com> wrote:
> 
> I see that in 3.0.7 SASL binds were introduced and that non-interactive
> methods are available.  Does this mean kerberos5 or gssapi methods can
> be used?  Does this mean that the keytab I have for the krb5 module can
> be used by the ldap module to bind to the directory?

No. 3.1.x may. But the krb5 module would have to be modified to have an option to keep the user's TGT in the keytab once authentication had completed. It doesn't currently, as that was causing slowdowns in 2.2.x.

Not sure though, might be weirdness with two versions of the Kerberos library accessing the same keytab. Locks aren't visible to the process that created them.

Is there any kind of keytab daemon that could act as an arbiter for keytab access?

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
