directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: [Kerberos] Kerberos + OpenLDAP
Date Tue, 27 Feb 2007 22:42:51 GMT
On 2/27/07, Alex Karasulu <akarasulu@apache.org> wrote:
> Would be nice to get SASL setup for Apache Directory.  Any idea if that's
> possible soon?

Yes, I think so.  I'll put some more time into it this weekend.

I'll go ahead and assign DIRSERVER-277 and DIRSERVER-278 to myself.

Once GSSAPI is working, I could use some feedback as to what other
SASL mechs we should support.

I'll have some questions when we get to how to configure this.  We'll
want to make supportedSASLmechanisms configurable and determine how
service and user principals are found.  We've always just put them in
ou=users but we'll want users vs service principals and we may even
want multiple ou=users, say for dc=example,dc=com and dc=apache,dc=org
if you have multiple partitions, for example.

Also, we have issues with centralizing the enforcement of password
policy and with both generating and provisioning Kerberos keys.  I'll
cover those separately in new emails.

Enrique

Mime
View raw message