From: Alex Karasulu
To: Apache Directory Developers List, erodriguez@apache.org
Date: Tue, 27 Feb 2007 17:20:38 -0500
Subject: Re: [Kerberos] Kerberos + OpenLDAP

Would be nice to get SASL setup for Apache Directory. Any idea if that's possible soon?

Alex

On 2/27/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
>
> Hi, Directory developers,
>
> As part of documenting practical uses of Apache Directory for Kerberos
> authentication, I got Kerberos authentication to OpenLDAP working.
> This uses the "SASL+GSS-API+Kerberos V5" mechanism. The
> "three-headed" Kerberos setup I tested was (1) OpenLDAP clients (2)
> OpenLDAP server and (3) Apache Directory. In this configuration,
> Apache Directory is being used as the KDC while OpenLDAP is a
> "service" or "relying party." The clients are the usual 'ldapsearch',
> etc.
>
> I put the notes I have so far in DIRxSBOX at:
>
> http://cwiki.apache.org/confluence/display/DIRxSBOX/Kerberos+Authentication+to+OpenLDAP
>
> I still need to clean up my sample LDIFs.
>
> Enrique