
Re: SASL/GSSAPI authentication problems - Invalid credentials



* Quanah Gibson-Mount <quanah@stanford.edu> [030428 17:24]:
> Ben,
> 
> We use SASL/GSSAPI with our OpenLDAP servers w/o problem.

Yes, so I've seen! :)

> I can give you the following suggestions:
> 

Thanks for your suggestions.  Thanks also for spotting the srvtab line
in my slapd.conf, that certainly had no business being there!

I modeled my slapd.conf sasl configs after yours and added the
KRB5_TKNAME variable to my startup file. I'm using the most permissive
ACLs possible right now until I get the authentication stuff working
properly.

Unfortunately with all of these changes I'm still seeing the same
problem:

    [benp@thingone openldap]$ ldapwhoami
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
    [benp@thingone openldap]$ /usr/local/heimdal/bin/klist
    Credentials cache: FILE:/tmp/krb5cc_25022_XsJjpG
            Principal: benp@REED.EDU

      Issued           Expires          Principal
    Apr 29 09:46:24  Apr 29 19:46:24  krbtgt/REED.EDU@REED.EDU
    Apr 29 09:46:29  Apr 29 19:46:24  ldap/thingone.reed.edu@REED.EDU
    [benp@thingone openldap]$

Ben

-- 
---------------------------------------------------------------------------
Ben Poliakoff                                       email: <benp@reed.edu>
Reed College                                          tel:  (503)-788-6674
Unix System Administrator      PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019
