[BSD] ldap-2.4 + kerberos

[Gabor HALASZ]

Hali!

A $subject-tel van bajom, a slapd-nek szeparalt keytab filet akarok 
csinalni, ehhez a KRB5_KTNAME valtozot kell beallitani. Szerencsere azt 
mondja az rcscript:

# To specify alternative Kerberos 5 Key Table, add the following
# rc.conf(5) configuration:
#
#slapd_krb5_ktname="/path/to/ldap.keytab"
#
...
     if [ -n "${slapd_krb5_ktname}" ]; then
       export KRB5_KTNAME=${slapd_krb5_ktname}
     fi
...

Ennek megfeleloen:

grep slapd /etc/rc.conf
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ 
ldap://localhost/"'
slapd_krb5_ktname="/usr/local/etc/openldap/krb5.keytab"
slapd_sockets="/var/run/openldap/ldapi"

Az rcscript rendben lefut:

+ [ -n /usr/local/etc/openldap/krb5.keytab ]
+ export KRB5_KTNAME=/usr/local/etc/openldap/krb5.keytab
+ _return=0
+ [ 0 -ne 0 ]
+ check_required_after start
+ local _f _args
+ return 0
+ return 0
+ check_startmsgs
+ [ -n '' ]
+ return 0
+ echo 'Starting slapd.'
Starting slapd.
+ [ -n '' ]
+ _doit='/usr/local/libexec/slapd -h 
"ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://localhost/" -u ldap -g 
ldap '

Majd megtekintve az eredmenyt:

truss -p <slapdpidje>:

getsockname(15,{ AF_INET 192.168.1.31:33666 },0x7fffff3fcfec) = 0 (0x0)
close(15)                                        = 0 (0x0)
open("/etc/krb5.keytab",O_RDONLY,00)             = 15 (0xf)
fcntl(15,F_SETLKW,0x7fffff3fd180)                = 0 (0x0)
dup(0xf,0xd,0x0,0x1,0x7fffff3fd240,0x7fffff3fd4b0) = 16 (0x10)
read(16,"\^E",1)                                 = 1 (0x1)
read(16,"\^B",1)                                 = 1 (0x1)

Johet mindenfele esz es revetel.

-- 
Gabor HALASZ <halasz.g at freemail.hu>