docker_auth icon indicating copy to clipboard operation
docker_auth copied to clipboard

Published 20 hours ago verified publisher icon cesanta

SASL GSS-API/Kerberos

Open eugene-bright opened this issue 6 years ago • 3 comments

Can't find example configuration to login LDAP with Kerberos keytab without bind_dn and password.

Is it possible or planned?

eugene-bright avatar Jul 21 '19 21:07 eugene-bright

@eugene-bright just to clarify when you say "login into LDAP" you mean the connection between the auth_server and LDAP, and not between docker client and auth_server?

techknowlogick avatar Jan 06 '21 22:01 techknowlogick

I'd like the auth_server to connect to a LDAP server by using SASL GSSAPI without plaintext password by utilizing provided keytab. I suppose that current libs are not compatible with MIT Kerberos and KT5_KTNAME and KT5CCNAME environment variables are not respected.

eugene-bright avatar Jan 06 '21 23:01 eugene-bright

Thanks for the clarification :)

Seems you are right about current libs don't support it (yet.. https://github.com/go-ldap/ldap/issues/115 ). I will keep this open, and keep an eye on the upstream ticket.

techknowlogick avatar Jan 08 '21 02:01 techknowlogick