ldap GSSAPI access
I have a couple of hosts that are not behind a proxy/NAT including ldaps
servers. Now gssapi auth works fine and everything for them and I get
access (and I know gssapi is working because an ldap/FQDN ticket is in my
klist afterwards).
Now I have a bunch of other clients behind the NAT, and I have the ldap
servers straddling the outside and inside networks, meaning they have a
presence on the internal network for the clients. I get addressless krb5
tickets and try to do gssapi auth and it fails:

[root@tirpitz ~]# ldapsearch -Y GSSAPI
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
additional info: SASL(-4): no mechanism available: No worthy mechs found
[root@tirpitz ~]# ldapsearch -x -s base -LLL -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

But when I run the supportedSASLMechanisms search as above, I get
GSSAPI as supported. The command works fine on normal outside hosts but
not on inside ones...
Any suggestions?
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu