This just means the LDAP clients that you are using are compiled with SASL.. Add a -x to the parameters to all your ldap* commands.. (ie. ldapmodify -x). this will tell the client program to use simple authentication instead of SASL. ldapmodify --help will list other parameters that will be helpful. On Tue, 2003-09-09 at 14:38, Philip Juels wrote: > Hi all, > > I've set up a very simple LDAP server (simple passwords) and when I use > ldapmodify, I get... > > SASL/GSSAPI authentication started > ldap_sasl_interactive_bind_s: Local error (82) > additional info: SASL(-1): generic failure: GSSAPI Error: > Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or > directory) > > Now, I don't see anything in my slapd.conf related to SASL or GSSAPI > anywhere. How do I get around this? I know I shouldn't use cleartext > passwords but I just want to get something running, and I'll add > security features later. > > Here's my slapd.conf... > > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 > 18:26:01 kurt Exp $ > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/java.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/nis.schema > > # Define global ACLs to disable default read access. > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > pidfile /var/run/slapd/slapd.pid > argsfile /var/run/slapd/slapd.args > > loglevel 768 > # Load dynamic backend modules: > # modulepath /usr/lib/openldap/openldap > # moduleload back_bdb.la > # moduleload back_ldap.la > # moduleload back_ldbm.la > # moduleload back_passwd.la > # moduleload back_shell.la > > # Sample security restrictions > # > # Disallow clear text exchange of passwords > # disallow bind_simple_unprotected > # > # Require integrity protection (prevent hijacking) > # Require 112-bit (3DES or better) encryption for updates > # Require 63-bit encryption for simple bind > # security ssf=1 update_ssf=112 simple_bind=64 > # Sample access control policy: > # Root DSE: allow anyone to read it > # Other DSEs: > # Allow self write access > # Allow authenticated users read access > # Allow anonymous users to authenticate > # Directives needed to implement policy: > # access to dn.base="" by * read > # access to * > # by self write > # by users read > # by anonymous auth > # > # if no access controls are present, the default policy is: > # Allow read by all > # > # rootdn can always write! > > # access to attrs=userPassword > # access to * > # by * > > ####################################################################### > # ldbm database definitions > ####################################################################### > > database ldbm > #suffix "dc=my-domain,dc=com" > suffix "dc=hpcgg,dc=org" > #rootdn "cn=Manager,dc=my-domain,dc=com" > rootdn "cn=root,dc=hpcgg,dc=org" > # Cleartext passwords, especially for the rootdn, should > # be avoid. See slappasswd(8) and slapd.conf(5) for details. > # Use of strong authentication encouraged. > rootpw secret > # The database directory MUST exist prior to running slapd AND > # should only be accessible by the slapd/tools. Mode 700 recommended. > directory /var/lib/ldap > mode 0600 > # Indices to maintain > #index cn,sn,uid pres,eq,sub > index cn pres,eq > index objectClass eq > > Thanks for your help > > --Philip Juels > pjuels@rics.bwh.harvard.edu -- Edward Rudd <eddie@omegaware.com> Home Page <http://urkle.drip.ws/>
Attachment:
signature.asc
Description: This is a digitally signed message part