-.SH KERBEROS AUTHENTICATION
-If the LDAP library and LDAP server being contacted have been
-compiled with the KERBEROS option defined,
-Kerberos version 4 authentication can be performed. As mentioned above,
-these Kerberos routines are provided only for backward compatibility.
-.LP
-These routines assume the user already
-has obtained a ticket granting ticket. The routines take \fIwho\fP, the DN
-of the entry to bind as. The
-.B ldap_kerberos_bind_s()
-routine does both steps of the Kerberos binding process synchronously. The
-.B ldap_kerberos_bind1_s()
-and
-.B ldap_kerberos_bind2_s()
-routines allow synchronous access to the
-individual steps, authenticating to the LDAP server and X.500 DSA, respectively.
-The
-.B ldap_kerberos_bind1()
-and
-.B ldap_kerberos_bind2()
-routines provide equivalent asynchronous access.
-.LP
-The
-.B ldap_kerberos_bind_s()
-routine is used to perform both authentication steps when contacting
-an LDAP server that is a gateway to an X.500 DSA. This kind of server
-configuration is only supported in the (very old) University of Michigan LDAP
-release. The OpenLDAP package no longer provides this gateway server.
-The standalone LDAP server provided in OpenLDAP may still be configured
-with Kerberos version 4 support, but it only requires one authentication
-step, and will return an error if the second step is attempted. Therefore,
-only the
-.B ldap_kerberos_bind1()
-routine or its synchronous equivalent may be used when contacting an
-OpenLDAP server.