[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL/GSSAPI authentication problems - Invalid credentials



* Chris Maxwell <source@gateweaver.com> [030428 17:35]:
> 
> Did you test SASL to ensure it is talking to heimdal properly?
> 
> in one shell:
> saslauthd -a kerberos5 -d -m <mux path>
> 
> in another:
> testsaslauthd -u username -p password -r REALM -s ldap -f <mux path>
> 
> KDC logs are also a good place to look, since invalid credentials means
> just that ... that Openldap appears to be working correctly.
> 

Yes, I tried testsaslauthd as you detailed above and it has not trouble
authenticating.

In addition I'm able to get service tickets without any trouble:

    benp@thingone openldap]$ /usr/local/heimdal/bin/klist
    Credentials cache: FILE:/tmp/krb5cc_25022_XsJjpG
            Principal: benp@REED.EDU

      Issued           Expires          Principal
    Apr 29 09:46:24  Apr 29 19:46:24  krbtgt/REED.EDU@REED.EDU
    Apr 29 09:46:29  Apr 29 19:46:24  ldap/thingone.reed.edu@REED.EDU

...and could find no problems in the kdc logs.  Just lots of entries
like this:

Apr 28 11:30:29 kerberos-1 krb5kdc[10139](info): TGS_REQ (2 etypes {16 1}) 134.10.15.29(88): ISSUE: authtime 1051545504, etypes {rep=16 tkt=1 ses=1}, benp@REED.EDU for ldap/thingone.reed.edu@REED.EDU

Thanks for the suggestions though!

Ben

-- 
---------------------------------------------------------------------------
Ben Poliakoff                                       email: <benp@reed.edu>
Reed College                                          tel:  (503)-788-6674
Unix System Administrator      PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019

Attachment: pgpnY5ftueL1i.pgp
Description: PGP signature