---

title: 4.1.2.4 - SASL GSSAPI Authentication navPrev: 4.1.2.3-sasl-digest-md5-authn.html navPrevText: 4.1.2.4 - SASL GSSAPI Authentication navPrev: 4.1.2.3-sasl-digest-md5-authn.html navPrevText: 4.1.2.3 - SASL DIGEST-MD5 Authentication navUp: 4.1.2-sasl-authn.html navUpText: 4.1.2 - SASL Authentication navNext: 4.1.2.5-sasl-external-authn.html navNextText: 4.1.2.5 - SASL EXTERNAL Authentication

4.1.2.4 - SASL GSSAPI Authentication

This authentication mechanism is specified in the following RFCs :

* [RFC 4752](http://tools.ietf.org/html/rfc4752)

It's more specifically used for Kerberos V5 authentication. As Apache Directory Server is also a Kerberos Server, it comes as a natural extension of the server.

It requires some configuration though.

Configuration

The idea is for the LDAP server to delegate the authentication to the Kerberos Server.

Usage

MessageType : BIND_REQUEST Message ID : 1 BindRequest Version : ‘3’ Name : '' Sasl credentials Mechanism :‘GSSAPI’ Credentials : (omitted-for-safety)

MessageType : BIND_RESPONSE Message ID : 1 BindResponse Ldap Result Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress -- new Matched Dn : ‘null’ Diagnostic message : ‘null’ Server sasl credentials : ''