SASL/GSSAPI problem SOLVED!!
For those of you who were familiar with my problem, I'd like to announce that I solved it, and I knew it would be just something small and stupid that I overlooked.
RECAP:
When trying to do bind with my Kerberos ticket, I was getting the error "Decrypt integrity check failed" when using Heimdal and "Wrong principal in request" when using MIT Kerberos. I had forgotten that I had wrongly added the principal ldap/(KDC-FQDN) to my keytab file b/c I noticed that a request was being made for this. But that key should never be on the LDAP server and at the time, I chose to just overlook that problem. Upon revisiting this, I found that it was the key to solving the problem: slapd was getting a key for ldap/(KDC-FQDN) because in the slapd.conf file, I had listed the KDC as the sasl-host instead of the LDAP server.
PROBLEM:
Incorrect sasl-host listed in slapd.conf
SOLUTION:
The sasl-host value should be the name of the server (usually the FQDN) such that a principal exists in the form "ldap/(sasl-host)@REALM".
-----------------------------
Digant C Kasundra
Software Systems Specialist
Office of Information Technology
University of Texas at Arlington
(817) 272-1291 - digant@uta.edu
To request technical support, please contact our computing Help Desk at
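A check for the misconfiguration described in this message, as an added example that is not part of the original post: it compares the sasl-host in slapd.conf with the ldap/ principals in a keytab listing. The host names, realm, keytab listing and function names are constructed for illustration, and treating an unset sasl-host as the local FQDN is an assumption.

```python
import re

# Constructed slapd.conf with the mistake from the post: the KDC named as sasl-host.
SLAPD_CONF_BAD = """\
sasl-realm EXAMPLE.EDU
sasl-host  kdc.example.edu
"""
SLAPD_CONF_GOOD = SLAPD_CONF_BAD.replace("kdc.example.edu", "ldap.example.edu")
# Constructed `klist -k` style listing of the LDAP server's keytab.
KEYTAB_LISTING = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   3 host/ldap.example.edu@EXAMPLE.EDU
   2 ldap/ldap.example.edu@EXAMPLE.EDU
"""
PRINCIPAL_RE = re.compile(r"\b([A-Za-z0-9_-]+)/([A-Za-z0-9.-]+)@([A-Za-z0-9.-]+)")

def slapd_directives(conf_text):
    """Return {directive: value} for the sasl-* lines of a slapd.conf."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower().startswith("sasl-"):
            found[parts[0].lower()] = parts[1]
    return found

def keytab_principals(listing_text):
    """Return the (service, host, realm) triples named in a keytab listing."""
    return {(s.lower(), h.lower(), r) for s, h, r in PRINCIPAL_RE.findall(listing_text)}

def check_sasl_host(conf_text, listing_text, local_fqdn):
    """Return a list of problems; an empty list means the two files agree."""
    conf = slapd_directives(conf_text)
    local = local_fqdn.lower()
    host = conf.get("sasl-host", local).lower()  # assumption: unset means local FQDN
    realm = conf.get("sasl-realm")
    principals = keytab_principals(listing_text)
    problems = []
    if host != local:
        problems.append(f"sasl-host {host} is not this server ({local})")
    if not any(s == "ldap" and h == host and realm in (None, r) for s, h, r in principals):
        problems.append(f"keytab has no key for ldap/{host}@{realm or 'DEFAULT-REALM'}")
    for s, h, r in sorted(principals):
        if s == "ldap" and h != local:  # e.g. ldap/(KDC-FQDN) added as a workaround
            problems.append(f"keytab holds ldap/{h}@{r}, a key for another host")
    return problems
```

Calling `check_sasl_host(SLAPD_CONF_BAD, KEYTAB_LISTING, "ldap.example.edu")` reports both the wrong sasl-host and the missing key; the last loop also flags a stray ldap/(KDC-FQDN) key if one was added to the keytab.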