[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: gss_accept_sec_context



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Marian Chowanetz

> hi,
>
> I set up openldap+gssapi+kerberos/heimdal on two machines. On
> the first
> machine I installed all from the sources (ldap2.1.25, cyrus2.1.17,
> krb1.3.2), on the second all from the distri (SuSE 9.0). openldap runs
> (slapd -d -1), heimdal(distri)/kerberos(source) runs with
> init database,
> kinit, klist ...
>
> But the problem is the same: if I test openldap with ldapwhoami or
> ldapmodify I get the same error:
>
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> 	additional info: SASL(-13): authentication failure:
> GSSAPI Failure:
> gss_accept_sec_context
>
> I've read howtos/manuals/admin guide but I couldn't find the mistake.
> I tried different settings in slapd.conf and in
> kerberos/heimdal but to no
> avail.
> I just want to get valid credentials.
>
> Any suggestions would be very appreciated...

It sounds to me like you have installed the software but you haven't created
a Kerberos principal for the LDAP service. This is a Kerberos usage question,
not an OpenLDAP issue.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support