Ok, cool thanks for that.
/Patrik
On 08/05/2010 03:49 PM, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/05/2010 09:43 AM, Patrik Martinsson wrote:
Hey,
I got this working today with these settings,
ldap_uri = ldap://foo.bar ldap_sasl_mech = gssapi ldap_krb5_keytab = /etc/krb5.keytab ldap_sasl_authid = nfs/xx.xxxx.xx
Note1, I could not get it to work with my ldaps://foo.bar, but maybe that's normal ? Maybe ssl isn't necessary when its krb ?
Hmm, it shouldn't be BROKEN, but it would definitely be unnecessary (and slower).
When using SASL-GSSAPI for the LDAP connection, your communication is already encrypted. Wrapping it in LDAPS would just mean that you were wasting processing power encrypting and decrypting twice.
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxawXIACgkQeiVVYja6o6PbLACeJ85g+QbZrub2qNk+tWs9HzMP JsQAn2KtE2tj9qnsv0EJ51LHVCsBSvH/ =DyL+ -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel