[Date Prev][Date Next] [Chronological] [Thread] [Top]

mit-krb5 GSSAPI authentication

To: openldap-software@OpenLDAP.org
Subject: mit-krb5 GSSAPI authentication
From: "Alan Jones" <skyphyr@gmail.com>
Date: Tue, 21 Feb 2006 14:38:29 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=Jypawgv//tA8Ac6I3vGpSzKzhCajQYE/RitlP/5C67QQtbih0Pn7tn6lP4YfoGIv3glqE2DosxUq8CGTnnit+v1dh24wB/MHAqNZqKcsbas8ydFRfRBsm6MWNEOOeCSDCX4f0jEu9KN3+9MG6012zsw+vc/G7oBfhWKioALPV4U=

Hi All,

I'm having trouble with Kerberos authentication on openldap.

I'm on gentoo running openldap-2.2.28-r4, cyrus-sasl-2.1.21-r2,
mit-krb5-1.4.3 and openssl-0.9.7i.

When I run ldapsearch -H ldap://water/ -b dc=fluid I get
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context

I've looked at the log and it appears that when sasl_bind is called the DN
is "".

I've removed the saslregex from my slapd.conf just to check it wasn't
replacing it with nothing.
The keytab is ldap:ldap 640 and the slapd is run as user ldap. The keytab is
listed in /etc/conf.d/slapd

Does anyone have an idea what would be causing these errors?

Thanks for any help and suggestions.

Cheers,

Alan.

Follow-Ups:
- Re: mit-krb5 GSSAPI authentication
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: 2.3.19 relocatable RPM package
Next by Date: Re: SASL mechanisms
Index(es):
- Chronological
- Thread