E.0 Configuring GSSAPI with eDirectory

The SASL-GSSAPI mechanism for NetIQ eDirectory enables you to authenticate to eDirectory through LDAP using a Kerberos ticket. You are not required to enter the eDirectory user password. The Kerberos ticket must be obtained by authenticating to a Kerberos server.

This feature is primarily useful for LDAP application users in environments that already have a Kerberos infrastructure in place. Therefore, these users should be able to authenticate to the LDAP server without providing a separate LDAP user password.

The current implementation of SASL-GSSAPI is compliant with RFC 2222 and supports only Kerberos v5 as the authentication mechanism.

The following sections explain how to configure GSSAPI and describe the various tasks you can perform with Kerberos in eDirectory and give some useful additional information: