[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP2 and SASL/Kerberos

To: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP2 and SASL/Kerberos
From: Turbo Fredriksson <turbo@bayour.com>
Date: 06 Mar 2001 19:00:46 +0100
In-reply-to: Turbo Fredriksson's message of "06 Mar 2001 18:29:41 +0100"
Organization: LDAP/Kerberos expert wannabe
References: <871ysb5db8.fsf@papadoc.bayour.com> <20010306143515.X137484@pandora.inf.elte.hu> <874rx73rz6.fsf@papadoc.bayour.com> <20010306154502.C137484@pandora.inf.elte.hu> <87vgpm3iwq.fsf@papadoc.bayour.com>
User-agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

Even more investigation reviles that the sample-{server|client} from
Cyrus-SASL does NOT work!

----- s n i p -----
CHROOT:/tmp/sample# ./sample-server -s ldap -p /usr/lib/sasl
Generating client mechanism list...
Sending list of 4 mechanism(s)
S: UExBSU4gTE9HSU4gQU5PTllNT1VTIEdTU0FQSQ==
Waiting for client mechanism...
C: R1NTQVBJAGCCAhUGCSqGSIb3EgECAgEAboICBDCCAgCgAwIBBaEDAgEOogcDBQAgAAAAo4IBJGGCASAwggEcoAMCAQWhDBsKQkFZT1VSLkNPTaIlMCOgAwIBA6EcMBobBGxkYXAbEnBhcGFkb2MuYmF5b3VyLmNvbaOB3zCB3KADAgEQoQMCAQKigc8Egczzq7bGtNEyE0DkBceUEVo2bGHpOK57xP3rU2IM8Tf4Q9qCNR/1TVvZLXbiCHJUcYH2mQ2GYNkCQY1lxdkf7BggiRmMMII8xxcMJ9c+2vXkHL246tbzlVTALb+8mVp71B4vIKvDv8L/m552tP2KSPUSVRgDNOTsRAp2OYhAy+52XAZv3DG+K2n54VqTPtDMo5G6geGPjXI6LhVcMmlMKMvZ14rAn+urTQNSPeGNWaO6NMNYkFmQPkIRgzxXbBI1MzEFQqwkc5UybU7RmwmkgcIwgb+gAwIBEKKBtwSBtASOfxgeFRzgIIRDayTT6KQGMA0u/MUv7Kb1TJo2gQ8FfDwfSCC+aCTv8YBv2K84UGTzwNun3HbvLdtMftAOO1tA+IF2SiHL6yl2f+Q7Qyv+IuRtlxQozaWr3HdU1RjiYUA2WdM1DU2dVnRk/Q2Br2ryi6k526obRNpMWRGcHV48ybCKIl43nUl84zRMqcUB1kl/wz+lPpSrWFgSBEe1iCvtwPMq5vzvSHirLZhFh3IvA9SN8A==
got 'GSSAPI'
lt-sample-server: Starting SASL negotiation: generic failure (GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name; )
----- s n i p -----

----- s n i p -----
CHROOT:/tmp/sample# ./sample-client -s ldap -u root -a root -p /usr/lib/sasl -n papadoc.bayour.com
service=ldap
Waiting for mechanism list from server...
S: UExBSU4gTE9HSU4gQU5PTllNT1VTIEdTU0FQSQ==
Choosing best mechanism from: PLAIN LOGIN ANONYMOUS GSSAPI
Using mechanism GSSAPI
Preparing initial.
Sending initial response...
C: R1NTQVBJAGCCAhUGCSqGSIb3EgECAgEAboICBDCCAgCgAwIBBaEDAgEOogcDBQAgAAAAo4IBJGGCASAwggEcoAMCAQWhDBsKQkFZT1VSLkNPTaIlMCOgAwIBA6EcMBobBGxkYXAbEnBhcGFkb2MuYmF5b3VyLmNvbaOB3zCB3KADAgEQoQMCAQKigc8Egczzq7bGtNEyE0DkBceUEVo2bGHpOK57xP3rU2IM8Tf4Q9qCNR/1TVvZLXbiCHJUcYH2mQ2GYNkCQY1lxdkf7BggiRmMMII8xxcMJ9c+2vXkHL246tbzlVTALb+8mVp71B4vIKvDv8L/m552tP2KSPUSVRgDNOTsRAp2OYhAy+52XAZv3DG+K2n54VqTPtDMo5G6geGPjXI6LhVcMmlMKMvZ14rAn+urTQNSPeGNWaO6NMNYkFmQPkIRgzxXbBI1MzEFQqwkc5UybU7RmwmkgcIwgb+gAwIBEKKBtwSBtASOfxgeFRzgIIRDayTT6KQGMA0u/MUv7Kb1TJo2gQ8FfDwfSCC+aCTv8YBv2K84UGTzwNun3HbvLdtMftAOO1tA+IF2SiHL6yl2f+Q7Qyv+IuRtlxQozaWr3HdU1RjiYUA2WdM1DU2dVnRk/Q2Br2ryi6k526obRNpMWRGcHV48ybCKIl43nUl84zRMqcUB1kl/wz+lPpSrWFgSBEe1iCvtwPMq5vzvSHirLZhFh3IvA9SN8A==
Waiting for server reply...

----- s n i p -----

However, and what fooled me was that service (-s) = 'host' worked like a charm!
----- s n i p -----
CHROOT:/tmp/sample# kadmin -p turbo@BAYOUR.COM
Authenticating as principal turbo@BAYOUR.COM with password.
Enter password:
kadmin:  getprincs
K/M@BAYOUR.COM
admin/admin@BAYOUR.COM
ftp/papadoc.bayour.com@BAYOUR.COM
host/papadoc.bayour.com@BAYOUR.COM
kadmin/admin@BAYOUR.COM
kadmin/changepw@BAYOUR.COM
kadmin/history@BAYOUR.COM
krbtgt/BAYOUR.COM@BAYOUR.COM
ldap/localhost@BAYOUR.COM
ldap/papadoc.bayour.com@BAYOUR.COM
mounthome/papadoc.bayour.com@BAYOUR.COM
pam_migrate/papadoc.bayour.com@BAYOUR.COM
root@BAYOUR.COM
turbo@BAYOUR.COM
----- s n i p -----

-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden

Follow-Ups:
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: GOMBAS Gabor <gombasg@inf.elte.hu>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Re: OpenLDAP2 and SASL/Kerberos
Next by Date: Re: OpenLDAP2 and SASL/Kerberos
Index(es):
- Chronological
- Thread