17.12.2021 17:34, Stefan Kania пишет:
Hello to all,
I'm trying to get GSSAPI authentication running with the symas-packages.
I generated a ldap.keytab file and it's readable for the ldap-user
running the slapd. With the Debian-packages I ad:
---------
export KRB5_KTNAME="/path/to/ldap.keytab"
---------
I don't want to use the system keytab /etc/krb5.keytab. How do I tell
slapd from the symas-packages to use my service-keytab?
I try to add to my /etc/default/symas-openldap:
---------
KRB5_KTNAME="/path/to/ldap.keytab
---------
but it's not working.
Stefan
Hello.
First of all you should determine, if ENV "KRB5_KTNAME" is using by
running process. Try this to extract all of ENVs
strings –a /proc/<pid_of_the_process_ldap>/environ
If you cann't see KRB5_KTNAME, you can try to add
export KRB5_KTNAME="/path/to/ldap.keytab"
to startup script
If you see KRB5_KTNAME, thats means symas-openldap doesn't use KRB5_KTNAME.
