[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: gss_accept_sec_context

To: "'Marian Chowanetz'" <mchowanetz@emmixx.de>, <openldap-software@OpenLDAP.org>
Subject: RE: gss_accept_sec_context
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 11 Mar 2004 00:32:08 -0800
Importance: Normal
In-reply-to: <000d01c4073b$d9d61f50$f400a8c0@zs1w244>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Marian Chowanetz

> hi,
>
> I set up openldap+gssapi+kerberos/heimdal on two machines. On
> the first
> machine I installed all from the sources (ldap2.1.25, cyrus2.1.17,
> krb1.3.2), on the second all from the distri (SuSE 9.0). openldap runs
> (slapd -d -1), heimdal(distri)/kerberos(source) runs with
> init database,
> kinit, klist ...
>
> But the problem is the same: if I test openldap with ldapwhoami or
> ldapmodify I get the same error:
>
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> 	additional info: SASL(-13): authentication failure:
> GSSAPI Failure:
> gss_accept_sec_context
>
> I've read howtos/manuals/admin guide but I couldn't find the mistake.
> I tried different settings in slapd.conf and in
> kerberos/heimdal but to no
> avail.
> I just want to get valid credentials.
>
> Any suggestions would be very appreciated...

It sounds to me like you have installed the software but you haven't created
a Kerberos principal for the LDAP service. This is a Kerberos usage question,
not an OpenLDAP issue.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- gss_accept_sec_context
  - From: "Marian Chowanetz" <mchowanetz@emmixx.de>

Prev by Date: User Authentication with a Unix client and Linux server
Next by Date: RE: Could anybody explain the indexing keywords?
Index(es):
- Chronological
- Thread