[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
sasl-host ignored in GSSAPI authentication
I've worked out my other problem with getting a good krbtgt, but now I
have a new one. OpenLDAP is running on a host:
real-host.domain.net
I have a CNAME in DNS that points to this called:
ldap.domain.net
In slapd.conf, I have:
sasl-host ldap.domain.net
But when I try to run an ldapsearch, I get the following error.
% ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (82)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (see text) (Server
(ldap/real-host.domain.net@DOMAIN.NET) unknown)
My understanding of sasl-host was that it would force the principal
above to be 'ldap/ldap.domain.net', but that doesn't seem to be working
here. Is this not working correctly, or is my understanding of sasl-host
incorrect?
Thanks,
Jeff