[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL/Kerberos V4 & openldap

To: openldap-software@OpenLDAP.org
Subject: SASL/Kerberos V4 & openldap
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 30 Oct 2002 20:46:36 -0800
Content-disposition: inline

Hello,

We currently have SASL/GSSAPI working well with our systems, running:
openldap-2.1.8
cyrus-sasl-2.1.9
berkeley db 4.1.24

We would also like to get SASL/KERBEROS_V4 working as well. However, when I specify -Y KERBEROS_V4 in the ldapsearch command, I get:

ldap1:~> ldapsearch -Y KERBEROS_V4 SASL/KERBEROS_V4 authentication started ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80) additional info: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.

When running the client/server binaries that come with SASL, I find:

./client -p 99 ldap1
receiving capability list... recv: {24}
PLAIN GSSAPI KERBEROS_V4

So Kerberos V4 is plainly in the capabilities list.

In the portable.h file, I find that it defines the various pieces for kerberos, such as:

/* Define if you have the <kerberosIV/des.h> header file.  */
#define HAVE_KERBEROSIV_DES_H 1

/* Define if you have the <kerberosIV/krb.h> header file.  */
#define HAVE_KERBEROSIV_KRB_H 1


Anyone have any hints on why K4 binds aren't working?

Thanks,
Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- RE: SASL/Kerberos V4 & openldap
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Soft restart of slapd
Next by Date: query question
Index(es):
- Chronological
- Thread