SASL AuthN to LDAP

Brian Candler b.candler at pobox.com
Tue Oct 18 16:55:39 CEST 2016


On 18/10/2016 15:24, Brendan Kearney wrote:
> i am setting
>
> KRB5_CLIENT_KTNAME = '/etc/raddb/radius.keytab'
>
> in the sasl {} stanzas in mods-available/ldap,
As it says in the sample config:

         #  Unfortunately the only way to control Keberos [sic] here is 
through
         #  environmental variables, as cyrus-sasl provides no API to
         #  set the krb5 config directly.

So the way I got it to work was to set the environment variable in 
/etc/default/freeradius [for Ubuntu, when running as a service], or 
directly when running from the command line:

KRB5_CCNAME=... freeradius -X

If it's possible to set environment variables *within* freeradius's 
configuration, I don't know how to do that.

Regards,

Brian.


More information about the Freeradius-Users mailing list