
Re: Problems with GSSAPI



Stephen Torri wrote:
The system setup I have is:

RedHat 7.2
Linux kernel 2.4.9-32.5
Kerberos: krb5,libs,devel,workstation,server 1.2.4-1
OpenLDAP: openldap,clients,server 2.0.21-1
OpenSSL: 0.9.6b-8
Cyrus-SASL: 2.1.5-2

User 'root' can obtain a Kerberos ticket but the default principal is
not root@TORRI.LINUX. Its default principal is torri@TORRI.LINUX. With
this in mind when I try:

The ID of the principal is not important so far. As far as I know, GSSAPI is just *authentication* based on Kerberos.

ldapsearch -H ldaps:/// -I -b"" -s base -LLL supportedSASLMechanisms.

I get back:

ldap_sasl_interactive_bind_s: Unknown error
  additional info: GSSAPI: gss_acquire_cred: miscellaneous failure:
  Permission denied.

Please turn on debugging.

-Have you created a service principal for ldap like:
	ldap/your.domain.com@YOURREALM?

-Have you added that principal to your keytab file?
-Is this keytab file readable for slapd?



Where can I find a web page or documentation that gives hints or solutions as to why I would keep getting the message?

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf (best docu I found)

paul


Stephen
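
The keytab questions in the reply above, written out as a check. This is an added example, not part of the original thread. The function names, the sample listing and the uid/gid arguments are assumptions; the listing is constructed in the "KVNO Principal" layout that klist -k prints, and supplementary groups are ignored.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the slapd keytab.

# Constructed sample of `klist -k <keytab>` output, using the page's placeholder name.
SAMPLE_KLIST='Keytab name: FILE:/path/to/ldap.keytab
KVNO Principal
---- ----------------------------------------------
   3 host/your.domain.com@YOURREALM
   3 ldap/your.domain.com@YOURREALM'

# Reads `klist -k` output on stdin; succeeds if an ldap/ service key is listed.
has_ldap_principal() {
    awk '$2 ~ /^ldap\// { found = 1 } END { exit !found }'
}

# keytab_access FILE UID GID
# Prints: missing | exposed | ok | unreadable
#   exposed    - "other" read bit set, any local user can copy the service key
#   ok         - the given uid/gid (the account slapd runs as) can read it
#   unreadable - slapd cannot read it, so acquiring credentials is denied
keytab_access() {
    file=$1 want_uid=$2 want_gid=$3
    [ -f "$file" ] || { echo missing; return 0; }
    # GNU stat: owner uid, group gid, octal mode (for example "0 55 640")
    set -- $(stat -c '%u %g %a' "$file")
    owner=$1 group=$2
    mode=$((0$3))                     # leading 0 makes the shell read it as octal
    u_r=$(( (mode >> 8) & 1 ))        # 0400
    g_r=$(( (mode >> 5) & 1 ))        # 0040
    o_r=$(( (mode >> 2) & 1 ))        # 0004
    if [ "$o_r" -eq 1 ]; then echo exposed; return 0; fi
    if [ "$want_uid" -eq 0 ]; then echo ok; return 0; fi   # root bypasses mode bits
    # The kernel applies exactly one class: owner first, then group.
    if [ "$want_uid" -eq "$owner" ]; then can=$u_r
    elif [ "$want_gid" -eq "$group" ]; then can=$g_r
    else can=0
    fi
    if [ "$can" -eq 1 ]; then echo ok; else echo unreadable; fi
}
```

On a live system, feed the first function with `klist -k` run against the keytab slapd uses, and pass the second the numeric uid and gid of the slapd account.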