
Simple enough question: is there a way you can configure your LDAP server so it only accepts Kerberos authentication and rejects any other type?

I'm almost 100% certain this can be done, I just do not know how - something in a config file no doubt.

Cheers

1 Answer


You could try using the require option in the configuration, or olcRequires for the LDIF format.

As per documentation, for require

Specify a set of conditions (separated by white space) to require (default none). The directive may be specified globally and/or per-database; databases inherit global conditions, so per-database specifications are additive.

  bind      requires bind operation prior to directory operations.
  LDAPv3    requires session to be using LDAP version 3.
  authc     requires authentication prior to directory operations.
  SASL      requires SASL authentication prior to directory operations.
  strong    requires strong authentication prior to directory operations. The strong keyword allows protected "simple" authentication as well as SASL authentication.
  none      may be used to require no conditions (useful to clear out globally set conditions within a particular database); it must occur first in the list of conditions.

and for olcRequires

Specify a set of conditions to require (default none). The directive may be specified globally and/or per-database; databases inherit global conditions, so per-database specifications are additive.

  bind      requires bind operation prior to directory operations.
  LDAPv3    requires session to be using LDAP version 3.
  authc     requires authentication prior to directory operations.
  SASL      requires SASL authentication prior to directory operations.
  strong    requires strong authentication prior to directory operations. The strong keyword allows protected "simple" authentication as well as SASL authentication.
  none      may be used to require no conditions (useful to clear out globally set conditions within a particular database); it must occur first in the list of conditions.

SASL is what you want here, because Kerberos v5 implements GSSAPI.

Other than this, I wouldn't be able to tell you because I don't know any configuration that restricts the kind of authentication allowed in an LDAP server.

erKURITA
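The directive quoted in the answer, applied end to end as an added example (editor's code, not from the original thread or from OpenLDAP's own documentation). It goes beyond the answer in two ways that a practitioner will want: `require SASL` on its own does not refuse the simple bind itself, only the operations that follow it, and it accepts whatever SASL mechanisms slapd happens to offer, not just GSSAPI. The script therefore also sets `disallows bind_simple bind_anon` and restricts the Cyrus SASL mechanism list. Assumptions: an OpenLDAP 2.4+ server using cn=config, administered as root over `ldapi:///` with SASL EXTERNAL; the Cyrus SASL application config path (`SASL_APP_CONF`) is a guess that varies by distribution; a Kerberos ticket (`kinit`) already exists for the positive check.

```shell
#!/bin/sh
# Added example: make slapd accept only SASL/GSSAPI (Kerberos) authentication.
# Not the thread's code. Assumes cn=config, ldapi:/// with SASL EXTERNAL as root,
# and a distribution-dependent Cyrus SASL config path (overridable via env).

SASL_APP_CONF="${SASL_APP_CONF:-/etc/sasl2/slapd.conf}"   # assumed path; Debian uses /etc/ldap/sasl2/

# cn=config LDIF: global "require SASL" (the answer's directive) plus
# "disallows bind_simple bind_anon" so simple binds fail at the bind itself
# instead of only at the next operation. "replace" keeps re-runs idempotent.
requires_sasl_ldif() {
    cat <<'EOF'
dn: cn=config
changetype: modify
replace: olcRequires
olcRequires: SASL
-
replace: olcDisallows
olcDisallows: bind_simple
olcDisallows: bind_anon
EOF
}

# Equivalent slapd.conf lines for servers not using cn=config.
requires_sasl_conf() {
    printf 'require SASL\ndisallows bind_simple bind_anon\n'
}

# "require SASL" accepts any mechanism slapd advertises (PLAIN, DIGEST-MD5, ...).
# Limiting Cyrus SASL's mech_list is what makes Kerberos the only option.
# EXTERNAL is kept so ldapi:/// administration of cn=config keeps working.
sasl_mech_list_conf() {
    printf 'mech_list: GSSAPI EXTERNAL\n'
}

apply() {
    requires_sasl_ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    sasl_mech_list_conf > "$SASL_APP_CONF"
    # slapd reads the Cyrus SASL config at startup, so restart it
    systemctl restart slapd 2>/dev/null || service slapd restart
}

# Negative check: a simple bind (-x, with or without -D) must be refused.
# Positive check: a GSSAPI bind with an existing ticket must succeed.
# Returns 0 only if both outcomes are as expected.
verify() {
    uri="${1:-ldap://localhost}"
    if ldapwhoami -x -H "$uri" >/dev/null 2>&1; then
        echo "FAIL: simple bind still accepted" >&2
        return 1
    fi
    if ! ldapwhoami -Q -Y GSSAPI -H "$uri" >/dev/null 2>&1; then
        echo "FAIL: GSSAPI bind rejected (no ticket, or mech_list too strict?)" >&2
        return 1
    fi
    echo "OK: only SASL/GSSAPI authentication is accepted on $uri"
}

case "${1:-}" in
    apply)  apply ;;
    verify) verify "$2" ;;
esac
```

Usage: `sh kerberos-only.sh apply` as root on the server, then `sh kerberos-only.sh verify ldap://ldap.example.com` from a host with a valid ticket. Two things to keep in mind: without `disallows bind_simple`, slapd still verifies the password of a simple bind and only refuses the operations after it, so client passwords would still travel to the server; and if you drop EXTERNAL from `mech_list`, `ldapmodify -Y EXTERNAL -H ldapi:///` stops working and you lose the usual way of editing cn=config.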