* Chris Maxwell <source@gateweaver.com> [030428 17:35]:
>
> Did you test SASL to ensure it is talking to heimdal properly?
>
> in one shell:
> saslauthd -a kerberos5 -d -m <mux path>
>
> in another:
> testsaslauthd -u username -p password -r REALM -s ldap -f <mux path>
>
> KDC logs are also a good place to look, since invalid credentials means
> just that ... that Openldap appears to be working correctly.
>
Yes, I tried testsaslauthd as you detailed above and it has not trouble
authenticating.
In addition I'm able to get service tickets without any trouble:
benp@thingone openldap]$ /usr/local/heimdal/bin/klist
Credentials cache: FILE:/tmp/krb5cc_25022_XsJjpG
Principal: benp@REED.EDU
Issued Expires Principal
Apr 29 09:46:24 Apr 29 19:46:24 krbtgt/REED.EDU@REED.EDU
Apr 29 09:46:29 Apr 29 19:46:24 ldap/thingone.reed.edu@REED.EDU
...and could find no problems in the kdc logs. Just lots of entries
like this:
Apr 28 11:30:29 kerberos-1 krb5kdc[10139](info): TGS_REQ (2 etypes {16 1}) 134.10.15.29(88): ISSUE: authtime 1051545504, etypes {rep=16 tkt=1 ses=1}, benp@REED.EDU for ldap/thingone.reed.edu@REED.EDU
Thanks for the suggestions though!
Ben
--
---------------------------------------------------------------------------
Ben Poliakoff email: <benp@reed.edu>
Reed College tel: (503)-788-6674
Unix System Administrator PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
Attachment:
pgpnY5ftueL1i.pgp
Description: PGP signature