upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-06 23:19:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix up GSSAPI

Browse source
This commit is contained in:
Kurt Zeilenga 2001-01-18 08:55:30 +00:00
parent 8d0a754b9e
commit 3f0905a529
1 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
doc/guide/admin/sasl.sdf
View file

@ -122,12 +122,21 @@ use of the GSSAPI mechanism by specifying {{EX:-Y GSSAPI}} as a
command option.
For the purposes of authentication and authorization, {{slapd}}(8)
associated the non-mapped authentication DN of
associates a non-mapped authentication DN of the form:
> uid=user@REALM,cn=GSSAPI,cn=authzid
> uid=principal,cn=GSSAPI,cn=authzid
for the GSSAPI principal "user@REALM". The may be subsequently
mapped as detailed below.
If the user principal is within the same realm, the realm is
trimmed from the principal. Continuting our example, a user
with the Kerberos principal {{EX:kurt@EXAMPLE.COM}} would have
the associated DN:
> uid=kurt,cn=GSSAPI,cn=authzid
and the principal {{EX:ursula@@FORIEGN.REALM}} would have the
associated DN:
> uid=ursula@FOREIGN-REALM,cn=GSSAPI,cn=authzid
H3: KERBEROS_V4