SASL/Kerberos V4 & openldap



Hello,

We currently have SASL/GSSAPI working well with our systems, running:
openldap-2.1.8
cyrus-sasl-2.1.9
berkeley db 4.1.24

We would also like to get SASL/KERBEROS_V4 working as well. However, when I specify -Y KERBEROS_V4 in the ldapsearch command, I get:

ldap1:~> ldapsearch -Y KERBEROS_V4
SASL/KERBEROS_V4 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.


When running the client/server binaries that come with SASL, I find:

./client -p 99 ldap1
receiving capability list... recv: {24}
PLAIN GSSAPI KERBEROS_V4

So Kerberos V4 is plainly in the capabilities list.

In the portable.h file, I find that it defines the various pieces for Kerberos, such as:

/* Define if you have the <kerberosIV/des.h> header file.  */
#define HAVE_KERBEROSIV_DES_H 1

/* Define if you have the <kerberosIV/krb.h> header file.  */
#define HAVE_KERBEROSIV_KRB_H 1


Anyone have any hints on why K4 binds aren't working?

Thanks,
Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html