SASL AuthN to LDAP
Brendan Kearney
bpk678 at gmail.com
Tue Oct 18 17:02:28 CEST 2016
On 10/18/2016 10:55 AM, Brian Candler wrote:
> On 18/10/2016 15:24, Brendan Kearney wrote:
>> i am setting
>>
>> KRB5_CLIENT_KTNAME = '/etc/raddb/radius.keytab'
>>
>> in the sasl {} stanzas in mods-available/ldap,
> As it says in the sample config:
>
> # Unfortunately the only way to control Keberos [sic] here is
> through
> # environmental variables, as cyrus-sasl provides no API to
> # set the krb5 config directly.
>
> So the way I got it to work was to set the environment variable in
> /etc/default/freeradius [for Ubuntu, when running as a service], or
> directly when running from the command line:
>
> KRB5_CCNAME=... freeradius -X
>
> If it's possible to set environment variables *within* freeradius's
> configuration, I don't know how to do that.
>
> Regards,
>
> Brian.
thanks, i figured it was going to be something along those lines. with
systemd based OS's, you can created a directory, such as
/etc/systemd/system/radiusd.d/ and put a .conf file in there to override
or augment the service, but that does nothing for command line. running
radiusd -X will never pick up the systemd "helper" config. is there a
way have that "helper" sourced when running radiusd -X?
More information about the Freeradius-Users
mailing list