* Quanah Gibson-Mount <quanah@stanford.edu> [030428 17:24]:
> Ben,
>
> We use SASL/GSSAPI with our OpenLDAP servers w/o problem.

Yes, so I've seen! :)

> I can give you the following suggestions:
>

Thanks for your suggestions. Thanks also for spotting the srvtab line in my slapd.conf, that certainly had no business being there!

I modeled my slapd.conf sasl configs after yours and added the KRB5_TKNAME variable to my start up file, I'm using the most permissive ACLs possible right now until I get the authentication stuff working properly.

Unfortunately with all of these changes I'm still seeing the same problem:

[benp@thingone openldap]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
[benp@thingone openldap]$ /usr/local/heimdal/bin/klist
Credentials cache: FILE:/tmp/krb5cc_25022_XsJjpG
        Principal: benp@REED.EDU

  Issued           Expires          Principal
Apr 29 09:46:24  Apr 29 19:46:24  krbtgt/REED.EDU@REED.EDU
Apr 29 09:46:29  Apr 29 19:46:24  ldap/thingone.reed.edu@REED.EDU
[benp@thingone openldap]$

Ben

--
---------------------------------------------------------------------------
Ben Poliakoff                               email: <benp@reed.edu>
Reed College                                tel: (503)-788-6674
Unix System Administrator                   PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019