[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to specify a different keytab file?



Em Fri, Apr 05, 2002 at 08:51:23AM -0500, Frank Swasey escreveu:
> On Apr 4 at 3:44pm, Andreas Hasenack wrote:
> 
> > With openldap-2.0.22, how can I specify a different keytab file
> > for the slapd daemon, instead of the /etc/krb5.keytab one?
> 
> On RedHat Linux, add the following line to /etc/sysconfig/ldap
> 
> export KRB5_KTNAME="FILE:_path_to_your_file"
> 
> And make sure the file is owned by the user you are going to run slapd
> as...

Thanks, I did that, and also checked the permissions, but I keep
getting another error then...:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied in
replay cache code;

If I run slapd as root, then it works. There seems to be something else the slapd daemon
needs to have access to besides the keytab file and I can't figure out what
it is.