The GSSAPI SASL mechanism performs all processing related to SASL GSSAPI authentication using Kerberos V5. The GSSAPI SASL mechanism provides the ability for clients to authenticate themselves to the server using existing authentication in a Kerberos environment. This mechanism provides the ability to achieve single sign-on for Kerberos-based clients. ds-cfg-gssapi-sasl-mechanism-handler ds-cfg-sasl-mechanism-handler org.opends.server.extensions.GSSAPISASLMechanismHandler Specifies the realm that should be used for GSSAPI authentication. The server will attempt to determine the realm from the underlying system configuration. ds-cfg-realm Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this must a fully-qualified DNS-resolvable name. If this is not provided, then the server attempts to determine it from the system-wide Kerberos configuration. The server will attempt to determine the KDC address from the underlying system configuration. ds-cfg-kdc-address Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this should be either an absolute path or one that is relative to the server instance root. The server will attempt to use the system-wide default keytab. ds-cfg-keytab Specifies the DNS-resolvable fully-qualified domain name for the system. The server will attempt to dynamically determine the fully-qualified domain name. ds-cfg-server-fqdn Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory. The referenced identity mapper must be enabled when the is enabled. ds-cfg-identity-mapper