[Fedora-directory-commits] ldapserver/ldap/admin/src initconfig.in, 1.3, 1.4

Richard Allen Megginson rmeggins at fedoraproject.org
Mon Feb 16 22:54:31 UTC 2009


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2018

Modified Files:
	initconfig.in 
Log Message:
Resolves: bug 477009
Description: RFE change default place for kerberos keytabs
Fix Description: changed to
# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME

Where @instconfigdir@ will usually expand to /etc/dirsrv



Index: initconfig.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/initconfig.in,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- initconfig.in	27 Aug 2008 21:24:46 -0000	1.3
+++ initconfig.in	16 Feb 2009 22:54:28 -0000	1.4
@@ -13,11 +13,21 @@
 # desired value
 # ulimit -n 8192
 
-# In order to use SASL/GSSAPI the directory
+# A per instance keytab does not make much sense for servers.
+# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN, there
+# is nothing that can make a client understand how to get a per-instance ticket.
+# Therefore by default a keytab should be considered a per server option.
+
+# Also this file is sourced for all instances, so again all
+# instances would ultimately get the same keytab.
+
+# Finally a keytab is normally named either krb5.keytab or <service>.keytab
+
+# In order to use SASL/GSSAPI (Kerberos) the directory
 # server needs to know where to find its keytab
 # file - uncomment the following line and set
 # the path and filename appropriately
-# KRB5_KTNAME=@instconfigdir@/slapd-instance/keytab ; export KRB5_KTNAME
+# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
 
 # other environment settings can be added here too
 OS=`uname -s`
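Review bot: The example on the new KRB5_KTNAME line uses "myname.keytab", which does not match the comment added just above it saying a keytab is normally named either krb5.keytab or <service>.keytab. Consider using a name that follows the stated convention, or say in the comment that "myname" is a placeholder to be replaced. Since the added comments also note that this file is sourced for all instances and that all of them end up with the same keytab, it would help to document that the file in @instconfigdir@ must be readable by the user each instance runs as and by no one else. A smaller style point: the three rationale paragraphs come before the "In order to use SASL/GSSAPI (Kerberos)" sentence, so the reader meets the reasoning before learning which setting it is about. Moving them below that sentence would read more naturally.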



