On Wed, Aug 06, 2003 at 11:23:57AM -0400, Stephen Frost wrote:
> It might be enough to compile with --enable-spasswd (SASL) and to then
> use {SASL} in the userPassword. I'd like to know if this actually works
> or not...
I have the following entry:
dn: uid=lewiz,ou=People,dc=lewiz,dc=org
uid: lewiz
cn: Lewis Thompson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
krb5PrincipalName: lewiz@LEWIZ.ORG
userPassword:: e1NBU0x9bGV3aXpATEVXSVouT1JH
loginShell: /bin/csh
uidNumber: 4001
gidNumber: 4001
homeDirectory: /home/lewiz
gecos: Lewis Thompson
The userPassword was entered as {SASL}lewiz@LEWIZ.ORG. I have
openldap21 compiled with --enable-spasswd (no --enable-kpasswd) and I
have the following saslRegexp:
saslRegexp
uid=(.*),cn=(.*),cn=GSSAPI,cn=auth
uid=$1,dc=lewiz,dc=org
When I try ldapwhoami:
# ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
I have a valid ticket:
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: lewiz@LEWIZ.ORG
Issued           Expires          Principal
Aug  6 16:06:04  Aug  7 02:06:04  krbtgt/LEWIZ.ORG@LEWIZ.ORG
Aug  6 16:06:07  Aug  7 02:06:04  ldap/orange.lewiz.org@LEWIZ.ORG
I've been having troubles with this for a while; I thought it was
because I was trying to use {KERBEROS} but I get the same with {SASL}.
This is FreeBSD, not Debian but it might be of some use to you.
Best wishes,
-lewiz.
--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |-
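As an added example (not part of the message above, and not OpenLDAP code): a small Python checker that decodes the posted userPassword value, confirms the {SASL} identity matches krb5PrincipalName, and applies the posted saslRegexp to the authentication identity slapd builds for a GSSAPI bind. The LDIF entry and the regexp are copied from the message; the authcid form uid=<user>,cn=<REALM>,cn=GSSAPI,cn=auth and the case-insensitive matching are assumptions, and the checker itself is constructed here. Run on this entry it reports one thing: the replacement uid=$1,dc=lewiz,dc=org lacks the ou=People RDN of the entry's DN. That is independent of the gss_accept_sec_context failure, which happens inside the GSSAPI exchange before slapd applies any saslRegexp and typically means the server could not accept the service ticket (for example a missing or stale keytab for the ldap/ principal).

```python
import base64
import re

# Constructed copy of the LDIF entry posted in the message above.
LDIF_ENTRY = """\
dn: uid=lewiz,ou=People,dc=lewiz,dc=org
uid: lewiz
cn: Lewis Thompson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
krb5PrincipalName: lewiz@LEWIZ.ORG
userPassword:: e1NBU0x9bGV3aXpATEVXSVouT1JH
loginShell: /bin/csh
uidNumber: 4001
gidNumber: 4001
homeDirectory: /home/lewiz
gecos: Lewis Thompson
"""

# The saslRegexp posted in the message: (match pattern, replacement).
SASL_REGEXP = (r"uid=(.*),cn=(.*),cn=GSSAPI,cn=auth", r"uid=$1,dc=lewiz,dc=org")

# attr: value   or   attr:: base64value
LDIF_LINE = re.compile(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$")


def parse_ldif(text):
    """Parse one LDIF entry into {attr: [values]}; '::' values are base64-decoded."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = LDIF_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable LDIF line: {line!r}")
        name, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value.strip()).decode()
        attrs.setdefault(name, []).append(value.strip())
    return attrs


def split_password(value):
    """Split '{SCHEME}rest' into (SCHEME, rest); an unprefixed value gets scheme None."""
    m = re.match(r"^\{([^}]+)\}(.*)$", value)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)


def gssapi_authcid(principal):
    """Authentication identity slapd builds for a GSSAPI bind.
    Assumption: 'user@REALM' -> uid=user,cn=REALM,cn=GSSAPI,cn=auth."""
    user, _, realm = principal.partition("@")
    return f"uid={user},cn={realm},cn=GSSAPI,cn=auth"


def map_authcid(authcid, pattern, replacement):
    """Apply one saslRegexp rule: match the pattern (assumed case-insensitive),
    then expand $1..$9 in the replacement. Returns None when it does not match."""
    m = re.match(pattern, authcid, re.IGNORECASE)
    if not m:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def check_entry(ldif_text, pattern, replacement):
    """Cross-check the entry's {SASL} identity, principal and saslRegexp mapping."""
    entry = parse_ldif(ldif_text)
    dn = entry["dn"][0]
    principal = entry["krb5PrincipalName"][0]
    scheme, ident = split_password(entry["userPassword"][0])
    findings = []
    if scheme != "SASL":
        findings.append(f"userPassword scheme is {scheme!r}, not {{SASL}}")
    if ident != principal:
        findings.append(f"{{SASL}} identity {ident!r} != krb5PrincipalName {principal!r}")
    mapped = map_authcid(gssapi_authcid(principal), pattern, replacement)
    if mapped is None:
        findings.append("saslRegexp does not match the GSSAPI authcid")
    elif mapped.lower() != dn.lower():
        findings.append(f"saslRegexp maps to {mapped!r}, entry dn is {dn!r}")
    return {
        "dn": dn,
        "password_scheme": scheme,
        "sasl_identity": ident,
        "mapped_dn": mapped,
        "findings": findings,
    }


if __name__ == "__main__":
    result = check_entry(LDIF_ENTRY, *SASL_REGEXP)
    for key, value in result.items():
        print(f"{key}: {value}")
```

A tighter match pattern such as uid=([^,]*),cn=([^,]*),cn=GSSAPI,cn=auth avoids the greedy .* backtracking across RDN boundaries; the posted pattern happens to resolve correctly for this principal, but the checker's map_authcid shows what any candidate rule actually produces before it goes into slapd.conf.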