[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem with SASL and GSSAPI



There was a thread started by Jean-Eric Cuendet back in March with
this subject that ended without complete resolution and was started by
this message:

http://www.openldap.org/lists/openldap-software/200103/msg00344.html

I have found myself with a similar scenario (Permission denied in
gss_acquire_cred) and I have found it happens when slapd runs as non
root.  Current OpenLDAP packages by RedHat do this.

The workaround consists in using a different keytab owned by the user
slapd runs as.

I have sketched the whole method at:

http://www.openldap.org/faq/data/cache/630.html

This answer comes a little late, but search engines did not return
easily pointers to the needed answer, that is learning about the
KRB5_KTNAME environment varibale.  As a matter of fact, the answer
most likely to be found is that there is no solution.

Julio