I use this option

-U
    Rather than requiring the authentication principal be given on the command line, read it from the keytab specified with -f. The principal will be taken from the first entry in the keytab. -f must be specified if this option is used.

so my systemd-file, to start k5start, looks like this:
------------
[Unit]
Description=k5start for generating tickets for ldap main-db replication
After=syslog.target network.target

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/k5start -k /tmp/krb5ccm_11 -m 600 -o openldap -g openldap -U -f /opt/symas/etc/openldap/krepl-main.keytab -K 10 -l 10h
Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target
-----------

On 21.02.25 at 23:42, Quanah Gibson-Mount wrote:
--On Friday, February 21, 2025 9:25 PM +0100 Stefan Kania <stefan@kania-online.de> wrote:

With k5start you can create different ticket caches. I managed to get it working today. I use:
authcid = [email protected]
Maybe it would be a good idea to put an example into the manpage for the two options authcid and authzid.

Yeah I know all about k5start, I used to work with Russ.

My question was more how does slapd know which one to use... I always had to set the k5 ticket cache in the environment before starting slapd. Would love to see an example :)

--Quanah
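As an added example (not part of the original thread and not shipped with k5start), these shell functions check that the ticket cache and keytab named in the posted ExecStart line have the owner, group and mode that the -o, -g and -m options request. The function names are hypothetical, and the keytab owner is passed in as an argument because the thread does not state it.

```shell
#!/bin/sh
# Added example: audit the files used by the k5start unit in this thread.
# Paths and the openldap owner/group come from the posted ExecStart line;
# the function names are hypothetical.

# check_ccache PATH OWNER GROUP MODE
# Succeeds only if PATH is a regular file (not a symlink) with exactly
# the given owner, group and octal mode, i.e. what -o/-g/-m asked for.
check_ccache() {
    path=$1 owner=$2 group=$3 mode=$4
    # find does not follow a symlink named on the command line, so a
    # link placed at a predictable /tmp name fails the -type f test.
    match=$(find "$path" -prune -type f -user "$owner" -group "$group" \
        -perm "$mode" 2>/dev/null)
    [ -n "$match" ]
}

# check_keytab PATH OWNER
# Succeeds only if the keytab is a regular file owned by OWNER with no
# group or other permission bits set (it holds long-term keys, and with
# -U its first entry decides which principal k5start authenticates as).
check_keytab() {
    path=$1 owner=$2
    match=$(find "$path" -prune -type f -user "$owner" \
        ! -perm -040 ! -perm -020 ! -perm -010 \
        ! -perm -004 ! -perm -002 ! -perm -001 2>/dev/null)
    [ -n "$match" ]
}

# audit_k5start KEYTAB_OWNER
# Runs both checks against the paths from the unit file in this thread.
audit_k5start() {
    check_ccache /tmp/krb5ccm_11 openldap openldap 600 || {
        echo "ccache: missing, or wrong type, owner, group or mode" >&2
        return 1
    }
    check_keytab /opt/symas/etc/openldap/krepl-main.keytab "$1" || {
        echo "keytab: missing, wrong owner, or group/other access" >&2
        return 1
    }
}
```

Run `audit_k5start root` once the unit is active if k5start runs as root, which is an assumption based on the posted unit having no User= line.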
