Re: SASL/GSSAPI authentication problems - Invalid credentials

[Dieter Kluenter <dieter@dkluenter.de>]

Hi,

Ben Poliakoff <benp@reed.edu> writes:

[...]
> Non SASL anonymous binds work just fine (lookups from various
> addressbooks and from GQ are very quick and trouble free), but when I
> try to do a SASL bind (via ldapwhoami for instance) I get the following:
>
>     SASL/GSSAPI authentication started
>     ldap_sasl_interactive_bind_s: Invalid credentials (49)
>             additional info: SASL(-13): authentication failure: GSSAPI
>     Failure: gss_accept_sec_context

[...]

SASL/GSSAPI works fine for me
Your are logged-in, initiated a TGT with kinit and the KDC has issued
a TGT?
> I'm really looking foward to doing a lot of work with OpenLDAP, but for
> now I stuck since I can't authenticate....
>
> Does anyone have any suggestions about how I might further pursue this
> problem?  Would this be a better question for the sasl list?

Test your setup with the cyrus-sasl test-suite. Change to sample
directory within cyrus-sasl source file. As root start ./server in a
xterm and as user start "./client -s ldap -m GSSAPI hostname" in a
second xterm.

-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour