On Thu, May 14, 2020 at 1:29 PM Andreas Hasenack <[email protected]> wrote: > > Hi, > > On Thu, May 14, 2020 at 2:27 PM Braiam <[email protected]> wrote: > > > I'm using Debian stable, slapd=2.4.47+dfsg-3+deb10u1, > > libsasl2-modules-gssapi-heimdal=2.1.27+dfsg-1+deb10u1. > > > > debian@ldap01:~$ sudo ktutil -k /etc/krb5.keytab list > > /etc/krb5.keytab: > > Can the slapd user read this keytab file?
Yes, it can. debian@ldap01:~$ getfacl /etc/krb5.keytab getfacl: Removing leading '/' from absolute path names # file: etc/krb5.keytab # owner: root # group: root user::rw- user:openldap:r-- group::--- mask::r-- other::--- -- Braiam
