[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with SASL

To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Subject: Re: Problems with SASL
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 23 Mar 2004 07:48:58 -0800
Content-disposition: inline
In-reply-to: <75333DD5963159499F497735AC2A3FC301750188@exchange.uta.edu>
References: <75333DD5963159499F497735AC2A3FC301750188@exchange.uta.edu>

--On Monday, March 22, 2004 3:34 PM -0600 Digant Kasundra <digant@uta.edu> wrote:

Hello everyone,

I'm trying to use SASL to authenticate users.  But, whenever I run
ldapwhoami or ldapsearch, or anything else, it fails b/c it tries to get a
ticket for ldap/omicron.uta.edu@UTA.EDU.  The correct realm is
KERB.UTA.EDU. I double checked my krb5.conf, krb.conf, and krb.realms and
they all mention KERB.UTA.EDU as the realm.  And in slapd.conf,
sasl_realm is set to KERB.UTA.EDU.  Anyone know why it is still trying to
get a ticket for the UTA.EDU realm?  Is it parsing the FQDN?


Digant,

The problem here is that your K5 realm is in violation of RFC 1510, section 7.1.

<http://www.ietf.org/rfc/rfc1510.txt>

(Posting here in case others ever see this issue as well).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Problems with SASL
  - From: Digant Kasundra <digant@uta.edu>

Prev by Date: problem with slapadd
Next by Date: liblutil's lutil_passwd_hash in shared library?
Index(es):
- Chronological
- Thread