[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to specify a different keytab file?

To: openldap-software@OpenLDAP.org
Subject: Re: how to specify a different keytab file?
From: Andreas Hasenack <andreas@conectiva.com.br>
Date: Fri, 5 Apr 2002 10:56:38 -0300
Content-disposition: inline
In-reply-to: <Pine.A41.4.44.0204050848290.103628-100000@gnu.uvm.edu>
References: <20020404184432.GM20928@conectiva.com.br> <Pine.A41.4.44.0204050848290.103628-100000@gnu.uvm.edu>
User-agent: Mutt/1.3.28i

Em Fri, Apr 05, 2002 at 08:51:23AM -0500, Frank Swasey escreveu:
> On Apr 4 at 3:44pm, Andreas Hasenack wrote:
> 
> > With openldap-2.0.22, how can I specify a different keytab file
> > for the slapd daemon, instead of the /etc/krb5.keytab one?
> 
> On RedHat Linux, add the following line to /etc/sysconfig/ldap
> 
> export KRB5_KTNAME="FILE:_path_to_your_file"
> 
> And make sure the file is owned by the user you are going to run slapd
> as...

Thanks, I did that, and also checked the permissions, but I keep
getting another error then...:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied in
replay cache code;

If I run slapd as root, then it works. There seems to be something else the slapd daemon
needs to have access to besides the keytab file and I can't figure out what
it is.

References:
- how to specify a different keytab file?
  - From: Andreas Hasenack <andreas@conectiva.com.br>
- Re: how to specify a different keytab file?
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

Prev by Date: Exception
Next by Date: Search Filters
Index(es):
- Chronological
- Thread