[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL/GSSAPI not working

To: openldap-software@OpenLDAP.org
Subject: Re: SASL/GSSAPI not working
From: Donn Cave <donn@u.washington.edu>
Date: Tue, 23 Mar 2004 17:15:20 -0800
In-reply-to: <75333DD5963159499F497735AC2A3FC301750196@exchange.uta.edu>

On Tuesday, March 23, 2004, at 04:19 PM, Digant Kasundra wrote:

I am getting an invalid credentials error when doing an ldapwhoami after getting a kerberos ticket. Here is my setup:

OpenLDAP 2.2.6 compiled against Heimdal 0.6 with Cyrus-SASL 2.1.18 running on Red Hat Enterprise Linux AS 3.0

...

ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context


Cyrus SASL's GSSAPI errors unfortunately come out without their text,
so it's still a mystery (to me, anyway) what went wrong.  You may find
something in yet another log, the KDC syslog.

The only thing that looks odd to me is

Here is what "ktutil list" tells me:
FILE:/etc/sysconfig/krb5.keytab:
Vno Type Principal Key 3 des-cbc-crc ldap/omicron.kerb.uta.edu@KERB.UTA.EDU ad80fd80b651496b


We may be running a different Kerberos configuration here, but for
us, the keys would need to be in /etc/krb5.keytab.

	Donn Cave, University Computing Services, University of Washington
	donn@u.washington.edu

Follow-Ups:
- Re: SASL/GSSAPI not working
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- SASL/GSSAPI not working
  - From: Digant Kasundra <digant@uta.edu>

Prev by Date: multiple samba domains and ldap
Next by Date: Re: TLS with Active Directory
Index(es):
- Chronological
- Thread