Authenticate to LDAP with GSSAPI
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Jun 14 04:27:06 CEST 2015
> On 13 Jun 2015, at 22:08, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>> On 13 Jun 2015, at 21:37, Alan DeKok <aland at deployingradius.com> wrote:
>>
>> On Jun 13, 2015, at 9:27 PM, Brendan Kearney <bpk678 at gmail.com> wrote:
>>> i vote for this functionality, too.
>>
>> You're free to write a patch and submit it.
>
> It's already supported. I just backported it from v3.1.x as SASL non-interactive bind didn't seem to work for EXTERNAL binds (which was the main reason I added SASL bind support).
>
> Regarding setting the keytab... no idea. How do you do it for ldapsearch?
Hmm, this explains the limitation:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412017
Apparently it's KRB5_KTNAME, there are probably other environmental variables to set other things...
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150613/541f3b97/attachment.sig>
More information about the Freeradius-Users
mailing list