[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

To: "Howard Chu" <hyc@highlandsun.com>
Subject: Re: kpasswd
From: Allan Streib <astreib@indiana.edu>
Date: Fri, 17 Oct 2003 11:13:20 -0500
Cc: "'Frank Swasey'" <Frank.Swasey@uvm.edu>, "'Paul M Fleming'" <pfleming@siumed.edu>, "'Allan E Johannesen'" <aej@WPI.EDU>, <openldap-software@OpenLDAP.org>
In-reply-to: <016201c39438$f6aa9640$1801a8c0@CELLO>

On Thursday, October 16, 2003, at 05:57 PM, Howard Chu wrote:

I gather from what I've read in the archives that I would need to run
saslauthd on the ldap server (with the '-a kerberos5' option ??), and
then set the appropriate userPassword attribute value to
{SASL}principal ??  Is there more to it, or did I miss some docs
elsewhere?

That's all there is to it.


I'm running into some difficulty -- started saslauthd as:
   saslauthd -a kerberos5

Edited my userPassword attribute to be:

   userPassword: {SASL}astreib@IU.EDU

I get an invalid credentials error trying to bind. Also tried omitting the @IU.EDU and the same error. My ldap logs show:

Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Failure: Invalid credentials

I've never had a problem doing SASL binds without /etc/sasldb2 before, and in fact a SASL/GSSAPI bind still works fine. Is that required to exist for {SASL} passwords, even though kerberos is what I want to be used?

Allan

Follow-Ups:
- Max number of entries
  - From: "Krishna Tulasi" <ktulasi@itstrategists.com>
- Re: kpasswd
  - From: Allan Streib <astreib@indiana.edu>
- RE: kpasswd
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- RE: kpasswd
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: ldap not very helpful
Next by Date: Re: ldapsearch fail with Active Directory...
Index(es):
- Chronological
- Thread