[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: GSSAPI error
On Mon, 2002-07-22 at 02:04, Hans Aschauer wrote:
> Are you shure that you have a valid kerberos TGT, i.e. did you say
> 'kinit' or log in via klogin? You can check that by 'klist'.
As user 'torri'
klist reports: klist: Permission denied while initializing krb5
kinit reports: kinit(v5): Permission denied while initializing
Kerberos 5 library.
As user 'root'
klist reports tickets for user.
kinit: Principal is torri@TORRI.LINUX (previous attempt to do kinit
when using 'su' as torri.)
So I definitely have a Kerberos configuration problem.
> For the authorization name, it is usually enough to press enter (at
> least, as long as you didn't set up your directory accordingly). As
> soon as you have a TGT, gssapi knows 'who' you are, and it knows your
> credentials.
Ok.
> A third thing: the attribute is called 'supportedSASLMechanisms'
> (instead of 'supportedMechanisms').
Right. Sorry for the typing error.
> If you do not yet have a working Kerberos environment, you could issue
>
> ldapsearch -x -H ldap://alpha.torri.linux/ -b "" -s base -LLL \
> supportedSASLMechanisms
>
> (note the change from -I to -x, which will do an anonymous simple bind)
I did:
ldapsearch -H ldap://alpha.torri.linux -x -b "" -s base -LLL \
supportedSASLMechanisms
Result:
dn:
supportedSASLMechanisms: GSSAPI
Ok. So I did it for ldaps and got the same result. Afterward I tried to
use -I and press Enter when it asked for authorizing name using the user
'root' with valid Kerberos ticket. It failed. I received the GSSAPI
error as I reported before.
Stephen