
ldap GSSAPI access



I have a couple of hosts that are not behind a proxy/NAT including ldaps
servers. Now gssapi auth works fine and everything for them and I get
access (and I know gssapi is working because a ldap/FQDN ticket is in my
klist afterwards).

Now I have a bunch of other clients behind the NAT, and I have the ldap
servers straddling the outside and inside networks. Meaning they have a
presence on the internal network for the clients, I get addressless krb5
tickets and try to do gssapi auth and it fails:

[root@tirpitz ~]# ldapsearch -Y GSSAPI
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
        additional info: SASL(-4): no mechanism available: No worthy mechs found

[root@tirpitz ~]# ldapsearch -x -s base -LLL -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

But when I run the supportedSASLMechanisms search as above, I get
GSSAPI as supported. The command works fine on normal outside hosts but
not on inside ones... 

Any suggestions?


-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu