Re: LDAP, SASL2, and KERBEROS5

[O Plameras <oscarp@acay.com.au>]

I am able to 'kinit' correctly because I used it
when I verified SASL with 'server' and 'client'
authorization.

I init and export KRB5_KTNAME env in '/etc/sysconfig/ldap',
like so,

export KRB5_KTNAME = /etc/krb5.keytab.

In '/etc/init.d/ldap', I have lines like,

if [ -r /etc/sysconfig/ldap ] then;
   .  /etc/sysconfig/ldap
fi

But, now I notice there are  lines in '/etc/init.d/ldap'
for which am not certain why they are there.

I will investigate and advise. At least I am moving again
and thanks for your help.


>    You are able to kinit correctly, and it seems the only failing 
> stuff is the LDAP authentication. This, combined with the error you 
> posted, makes me think you must have indicated OpenLDAP a location 
> where it cannot find its keytab. How are you telling OpenLDAP where to 
> fins its keytab? Do you have a KRB5_KTNAME environmente variable 
> defined? Where does it point?
>
>    Best regards
>    Jose
>
> O Plameras wrote:
>
> > Initially, I have my keytab in /etc/openldap/ldap.keytab.
> > Then, I deleted it and have it in /etc/krb5.keytab.
> >
> > I still get the same problem.