4.1.2.4 - SASL GSSAPI Authentication¶
This authentication mechanism is specified in the following RFCs :
* [RFC 4752](http://tools.ietf.org/html/rfc4752)
It's more specifically used for Kerberos V5 authentication. As Apache Directory Server is also a Kerberos Server, it comes as a natural extension of the server.
It requires some configuration though.
Configuration¶
The idea is for the LDAP server to delegate the authentication to the Kerberos Server.
Usage¶
MessageType : BIND_REQUEST Message ID : 1 BindRequest Version : '3' Name : '' Sasl credentials Mechanism :'GSSAPI' Credentials : (omitted-for-safety)
MessageType : BIND_RESPONSE Message ID : 1 BindResponse Ldap Result Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress -- new Matched Dn : 'null' Diagnostic message : 'null' Server sasl credentials : ''