[Pdns-dev] Patch to add GSSAPI authentication to the LDAP backend
Grégory Oestreicher
greg at kamago.net
Mon Jul 18 21:51:35 CEST 2011
Hi All,

I've added for my needs GSSAPI authentication to the LDAP backend and thought
it may be nice to share. I've developed using Heimdal Kerberos, and MIT
Kerberos may not work out of the box.

The original patchset was developed against PowerDNS 2.9.22 (the 2.9.22-0*
files) and is the most tested. I've ported it to trunk (the trunk-0* files). The
only test was "does it compile (y/n)". It does, and as the code is the same it
should work fine too.

GSSAPI is controlled by the following configuration directives:

- ldap-bindmethod: 'simple' or 'gssapi', defaulting to 'simple'. The method to
  use to bind to the LDAP server. 'simple' keeps the original behavior.
- ldap-krb5-keytab: no default. The path to the file holding the keytab to use
  to get a TGT. This file must only be readable by the PowerDNS account.
- ldap-krb5-ccache: no default, using the Kerberos implementation values. The
  path to the credentials cache file. If using the default value then credentials
  will be stored in /tmp/krb5cc_<uid>, which may not be the expected behavior.

Cheers,
Grégory
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.9.22-01-move-connection-creation-code-out-of-ctor.diff.gz
Type: application/x-gzip
Size: 1086 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.9.22-02-refactor.diff.gz
Type: application/x-gzip
Size: 1709 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.9.22-03-add-simple-authenticator.diff.gz
Type: application/x-gzip
Size: 3177 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.9.22-04-add-gssapi-authenticator.diff.gz
Type: application/x-gzip
Size: 3796 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trunk-01-refactor.diff.gz
Type: application/x-gzip
Size: 2178 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trunk-02-add-simple-authenticator.diff.gz
Type: application/x-gzip
Size: 2591 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trunk-03-add-gssapi-authenticator.diff.gz
Type: application/x-gzip
Size: 2740 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110718/6322ba3c/attachment-0006.bin>