
Re: LDAP, SASL2, and KERBEROS5




I am able to 'kinit' correctly because I used it when I verified SASL with 'server' and 'client' authorization.

I init and export KRB5_KTNAME env in '/etc/sysconfig/ldap',
like so,

export KRB5_KTNAME=/etc/krb5.keytab

In '/etc/init.d/ldap', I have lines like,

if [ -r /etc/sysconfig/ldap ]; then
   . /etc/sysconfig/ldap
fi

But now I notice there are lines in '/etc/init.d/ldap'
for which I am not certain why they are there.

I will investigate and advise. At least I am moving again
and thanks for your help.



You are able to kinit correctly, and it seems the only failing stuff is the LDAP authentication. This, combined with the error you posted, makes me think you must have indicated to OpenLDAP a location where it cannot find its keytab. How are you telling OpenLDAP where to find its keytab? Do you have a KRB5_KTNAME environment variable defined? Where does it point?


   Best regards
   Jose

O Plameras wrote:


Initially, I have my keytab in /etc/openldap/ldap.keytab. Then, I deleted it and have it in /etc/krb5.keytab.

I still get the same problem.
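
One way to answer the questions raised in this thread (is KRB5_KTNAME defined, and where does it point), as an added example that is not part of the original messages: the function sources a sysconfig-style file the way the init script above does and reports what a child process such as slapd would inherit. The name `check_ktname` and its output strings are hypothetical; it assumes the file is plain shell sourced with `.`.

```shell
#!/bin/sh
# check_ktname FILE
#   Prints one of:
#     ok:<path>                 KRB5_KTNAME is exported and the keytab is readable
#     unset                     nothing reaches the child environment
#     unreadable-keytab:<path>  exported, but this user cannot read the file
#     unreadable-config         FILE itself cannot be read
#   Run it as the account slapd runs under, since readability is per-user.
check_ktname() {
    conf=$1
    # "." searches PATH for names without a slash; force a real path.
    case $conf in */*) ;; *) conf=./$conf ;; esac
    [ -r "$conf" ] || { echo "unreadable-config"; return 2; }

    # Source in a subshell so nothing leaks into the caller, then ask a
    # child process what it inherited. A plain assignment without
    # "export", or a malformed line such as "export NAME = value",
    # leaves the child with nothing.
    kt=$(
        unset KRB5_KTNAME
        . "$conf" >/dev/null 2>&1
        sh -c 'printf %s "$KRB5_KTNAME"'
    ) || kt=""   # some shells abort the subshell on a bad "export" line

    [ -n "$kt" ] || { echo "unset"; return 1; }

    # MIT Kerberos accepts an optional "FILE:" type prefix on keytab names.
    path=${kt#FILE:}
    [ -r "$path" ] || { echo "unreadable-keytab:$path"; return 1; }
    echo "ok:$path"
}
```
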