[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem with SASL and GSSAPI

To: openldap-software@OpenLDAP.org
Subject: Problem with SASL and GSSAPI
From: Julio Sanchez Fernandez <j_sanchez@stl.es>
Date: 15 Nov 2001 10:00:10 +0100
Cc: Jean-Eric.Cuendet@linkvest.com
User-agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

There was a thread started by Jean-Eric Cuendet back in March with
this subject that ended without complete resolution and was started by
this message:

http://www.openldap.org/lists/openldap-software/200103/msg00344.html

I have found myself with a similar scenario (Permission denied in
gss_acquire_cred) and I have found it happens when slapd runs as non
root.  Current OpenLDAP packages by RedHat do this.

The workaround consists in using a different keytab owned by the user
slapd runs as.

I have sketched the whole method at:

http://www.openldap.org/faq/data/cache/630.html

This answer comes a little late, but search engines did not return
easily pointers to the needed answer, that is learning about the
KRB5_KTNAME environment varibale.  As a matter of fact, the answer
most likely to be found is that there is no solution.

Julio

Prev by Date: Re: Re: attribute search help
Next by Date: Schema and Attribute define??
Index(es):
- Chronological
- Thread