[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Small HOWTO about OpenLDAP2, SASL, Kerberos and SSL/TLS (Was: OpenLDAP2 and SASL/Kerberos)
Quoting Will Day <willday@rom.oit.gatech.edu>:
> One question I had about what you mentioned on the webpage was about the
> sasl gssapiv2 patch (#patch-sasl). You mention:
>
> NOTE: According to a message on the openldap-software mailing list, this
> was fixed some time ago in the CVS version of Cyrus SASL. So make sure
> that you need the patch before applying it! The version of the file
> plugins/gssapi.c in the cyrus-sasl source directory should be greater
> than 1.39, that's when it was fixed. So if you have a version higher
> than 1.39 you don't need to patch Cyrus-SASL.
>
> I wasn't sure how to find the version of the file I have (this is the
> 1.5.24 tar from the ftp site); I didn't see a version number in the
> gssapi.c.
True enough, I didn't bother checking (that's what I meant by 'please review
it and mail me any irregularities' :).
If you are using the tarball from the FTP, then you need both patches. I assume
that the CVS version have a CVS number in it...
I'll update the HOWTO about that... Thanx.
> Also, for the "ldap_sasl_interactive_bind_s: Local error" error, I ran into
> the error in a different manner. I wasn't specifying the FQDN hostname of
> the LDAP server, and it was defaulting to "localhost", for which it
> couldn't get a kerberos ticket. :) You might want to include something
> about that; it took me several hours before I figured out what the heck was
> going on.
Specified the FQDN where?
Where did it default to localhost?
How did you solve it?
--
Turbo __ _ Debian GNU Unix _IS_ user friendly - it's just
^^^^^ / /(_)_ __ _ ___ __ selective about who its friends are
/ / | | '_ \| | | \ \/ / Debian Certified Linux Developer
_ /// / /__| | | | | |_| |> < Turbo Fredriksson turbo@tripnet.se
\\\/ \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden