[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL/GSSAPI not working



On Tuesday, March 23, 2004, at 04:19 PM, Digant Kasundra wrote:
I am getting an invalid credentials error when doing an ldapwhoami after
getting a kerberos ticket. Here is my setup:


OpenLDAP 2.2.6 compiled against Heimdal 0.6 with Cyrus-SASL 2.1.18 running
on Red Hat Enterprise Linux AS 3.0
...
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context

Cyrus SASL's GSSAPI errors unfortunately come out without their text, so it's still a mystery (to me, anyway) what went wrong. You may find something in yet another log, the KDC syslog.

The only thing that looks odd to me is

Here is what "ktutil list" tells me:
FILE:/etc/sysconfig/krb5.keytab:

Vno Type Principal Key
3 des-cbc-crc ldap/omicron.kerb.uta.edu@KERB.UTA.EDU ad80fd80b651496b

We may be running a different Kerberos configuration here, but for us, the keys would need to be in /etc/krb5.keytab.

	Donn Cave, University Computing Services, University of Washington
	donn@u.washington.edu