Re: GSSAPI error

[Stephen Torri <storri@sbcglobal.net>]

On Mon, 2002-07-22 at 02:04, Hans Aschauer wrote:
> On Samstag, 20. Juli 2002 22:55, Stephen Torri wrote:
> > I am having a problem with GSSAPI. The search I am trying to do is to
> > report back the support SASL mechanisms to test the secure ldap:
> >
> >
> > ldapsearch -H ldap://alpha.torri.linux/ -I -b "" -s base -LLL
> > supportedMechanisms
> >
> > SASL/GSSAPI Authentication started
> > SASL Interaction
> > Please enter your authorization name: torri
> > ldap_sasl_interactive_bind_s: Unknown error
> > 	additional info: GSSAPI: gss_input_name: ; ;
> >
> >
> > I do not understand the error. I am trying to learn openldap and
> > kerberos. I am following a HOWTO that is written for Debian but I
> > have managed to understand it and set up RedHat 7.2 on an Alpha CPU
> > system.
> 
> 
> Are you shure that you have a valid kerberos TGT, i.e. did you say 
> 'kinit' or log in via klogin? You can check that by 'klist'.
> 
> For the authorization name, it is usually enough to press enter (at 
> least, as long as you didn't set up your directory accordingly). As 
> soon as you have a TGT, gssapi knows 'who' you are, and it knows your 
> credentials.
> 
> A third thing: the attribute is called 'supportedSASLMechanisms' 
> (instead of 'supportedMechanisms').
> 
> If you do not yet have a working Kerberos environment, you could issue
> 
> ldapsearch -x -H ldap://alpha.torri.linux/  -b "" -s base -LLL \ 
> supportedSASLMechanisms
> 
> (note the change from -I to -x, which will do an anonymous simple bind)
> 
> Hope that helps,
> 
> Hans

Thanks very much for responding. I do not have time right now to mess
with this machine but when I do I will report back to this list and
yourself the result of my efforts.

Stephen