- SASL GSSAPI Authentication

This authentication mechanism is specified in the following RFCs :

* [RFC 4752](https://tools.ietf.org/html/rfc4752)

It’s more specifically used for Kerberos V5 authentication. As Apache Directory Server is also a Kerberos Server, it comes as a natural extension of the server.

It requires some configuration though.


The idea is for the LDAP server to delegate the authentication to the Kerberos Server.


MessageType : BIND_REQUEST Message ID : 1 BindRequest Version : ‘3’ Name : '’ Sasl credentials Mechanism :‘GSSAPI’ Credentials : (omitted-for-safety)

MessageType : BIND_RESPONSE Message ID : 1 BindResponse Ldap Result Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress – new Matched Dn : ‘null’ Diagnostic message : ‘null’ Server sasl credentials : '’