[Date Prev][Date Next] [Chronological] [Thread] [Top]

sasl-host ignored in GSSAPI authentication

To: openldap-software@OpenLDAP.org
Subject: sasl-host ignored in GSSAPI authentication
From: Jeffrey Layton <jtlayton@poochiereds.net>
Date: Thu, 08 Apr 2004 13:39:42 -0400

I've worked out my other problem with getting a good krbtgt, but now I
have a new one. OpenLDAP is running on a host:

    real-host.domain.net

I have a CNAME in DNS that points to this called:

    ldap.domain.net

In slapd.conf, I have:

    sasl-host ldap.domain.net

But when I try to run an ldapsearch, I get the following error.

% ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (82)
        additional info: SASL(-1): generic failure: GSSAPI Error: 
Miscellaneous failure (see text) (Server
(ldap/real-host.domain.net@DOMAIN.NET) unknown)

My understanding of sasl-host was that it would force the principal
above to be 'ldap/ldap.domain.net', but that doesn't seem to be working
here. Is this not working correctly, or is my understanding of sasl-host
incorrect?

Thanks,
Jeff

Follow-Ups:
- RE: sasl-host ignored in GSSAPI authentication
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: problem with SASL authentication and Kerberos
Next by Date: Re: sasl libraries
Index(es):
- Chronological
- Thread