Commit 53081446 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Rework Kerberos principals (ITS#2695)

parent 6aff66cf
...@@ -192,18 +192,17 @@ command option. ...@@ -192,18 +192,17 @@ command option.
For the purposes of authentication and authorization, {{slapd}}(8) For the purposes of authentication and authorization, {{slapd}}(8)
associates a non-mapped authentication request DN of the form: associates a non-mapped authentication request DN of the form:
> uid=<principal>,cn=<realm>,cn=gssapi,cn=auth > uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
Continuing our example, a user Continuing our example, a user with the Kerberos principal
with the Kerberos principal {{EX:kurt@EXAMPLE.COM}} would have {{EX:kurt@EXAMPLE.COM}} would have the associated DN:
the associated DN:
> uid=kurt,cn=example.com,cn=gssapi,cn=auth > uid=kurt,cn=example.com,cn=gssapi,cn=auth
and the principal {{EX:ursula@FOREIGN.REALM}} would have the and the principal {{EX:ursula/admin@FOREIGN.REALM}} would have the
associated DN: associated DN:
> uid=ursula,cn=foreign.realm,cn=gssapi,cn=auth > uid=ursula/admin,cn=foreign.realm,cn=gssapi,cn=auth
H3: DIGEST-MD5 H3: DIGEST-MD5
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment