The SASL-GSSAPI mechanism for NetIQ eDirectory 8.8 enables you to authenticate to eDirectory through LDAP using a Kerberos ticket and without needing to enter the eDirectory user password. The Kerberos ticket should be obtained by authenticating to a Kerberos server.
This feature is primarily useful for LDAP application users in environments that already have a Kerberos infrastructure in place. Therefore, these users should be able to authenticate to the LDAP server without providing a separate LDAP user password.
To facilitate this, eDirectory introduces the SASL-GSSAPI mechanism.
The current implementation of SASL-GSSAPI is compliant with RFC 2222 and supports only Kerberos v5 as the authentication mechanism.
This chapter includes the following information: