
RE: SASL/Kerberos V4 & openldap



This looks like a bug in the SASL KerberosIV mechanism. Have you actually
gotten a successful authentication using the SASL sample client with the SASL
server?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Quanah Gibson-Mount
> Sent: Wednesday, October 30, 2002 8:47 PM
> To: openldap-software@OpenLDAP.org
> Subject: SASL/Kerberos V4 & openldap
>
>
> Hello,
>
> We currently have SASL/GSSAPI working well with our systems, running:
> openldap-2.1.8
> cyrus-sasl-2.1.9
> berkeley db 4.1.24
>
> We would also like to get SASL/KERBEROS_V4 working as well. However, when
> I specify -Y KERBEROS_V4 in the ldapsearch command, I get:
>
> ldap1:~> ldapsearch -Y KERBEROS_V4
> SASL/KERBEROS_V4 authentication started
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>         additional info: SASL(-5): bad protocol / cancel: Remote sent first but mech does not allow it.
>
> When running the client/server binaries that come with SASL, I find:
>
> ./client -p 99 ldap1
> receiving capability list... recv: {24}
> PLAIN GSSAPI KERBEROS_V4
>
> So Kerberos V4 is plainly in the capabilities list.
>
> In the portable.h file, I find that it defines the various pieces for
> kerberos, such as:
>
> /* Define if you have the <kerberosIV/des.h> header file.  */
> #define HAVE_KERBEROSIV_DES_H 1
>
> /* Define if you have the <kerberosIV/krb.h> header file.  */
> #define HAVE_KERBEROSIV_KRB_H 1
>
>
> Anyone have any hints on why K4 binds aren't working?
>
> Thanks,
> Quanah
>
> --
> Quanah Gibson-Mount
> Senior Systems Administrator
> ITSS/TSS/Computing Systems
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
>