* Chris Maxwell <source@gateweaver.com> [030428 17:35]: > > Did you test SASL to ensure it is talking to heimdal properly? > > in one shell: > saslauthd -a kerberos5 -d -m <mux path> > > in another: > testsaslauthd -u username -p password -r REALM -s ldap -f <mux path> > > KDC logs are also a good place to look, since invalid credentials means > just that ... that Openldap appears to be working correctly. > Yes, I tried testsaslauthd as you detailed above and it has not trouble authenticating. In addition I'm able to get service tickets without any trouble: benp@thingone openldap]$ /usr/local/heimdal/bin/klist Credentials cache: FILE:/tmp/krb5cc_25022_XsJjpG Principal: benp@REED.EDU Issued Expires Principal Apr 29 09:46:24 Apr 29 19:46:24 krbtgt/REED.EDU@REED.EDU Apr 29 09:46:29 Apr 29 19:46:24 ldap/thingone.reed.edu@REED.EDU ...and could find no problems in the kdc logs. Just lots of entries like this: Apr 28 11:30:29 kerberos-1 krb5kdc[10139](info): TGS_REQ (2 etypes {16 1}) 134.10.15.29(88): ISSUE: authtime 1051545504, etypes {rep=16 tkt=1 ses=1}, benp@REED.EDU for ldap/thingone.reed.edu@REED.EDU Thanks for the suggestions though! Ben -- --------------------------------------------------------------------------- Ben Poliakoff email: <benp@reed.edu> Reed College tel: (503)-788-6674 Unix System Administrator PGP key: http://www.reed.edu/~benp/key.html --------------------------------------------------------------------------- 0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
Attachment:
pgpnY5ftueL1i.pgp
Description: PGP signature