[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL/Kerberos V4 & openldap
Hello,
We currently have SASL/GSSAPI working well with our systems, running:
openldap-2.1.8
cyrus-sasl-2.1.9
berkeley db 4.1.24
We would also like to get SASL/KERBEROS_V4 working as well. However, when
I specify -Y KERBEROS_V4 in the ldapsearch command, I get:
ldap1:~> ldapsearch -Y KERBEROS_V4
SASL/KERBEROS_V4 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-5): bad protocol / cancel: Remote sent first
but mech does not allow it.
When running the client/server binaries that come with SASL, I find:
./client -p 99 ldap1
receiving capability list... recv: {24}
PLAIN GSSAPI KERBEROS_V4
So Kerberos V4 is plainly in the capabilities list.
In the portable.h file, I find that it defines the various pieces for
kerberos, such as:
/* Define if you have the <kerberosIV/des.h> header file. */
#define HAVE_KERBEROSIV_DES_H 1
/* Define if you have the <kerberosIV/krb.h> header file. */
#define HAVE_KERBEROSIV_KRB_H 1
Anyone have any hints on why K4 binds aren't working?
Thanks,
Quanah
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html