
Re: SASL GSSAPI authentication with Sun Java Directory Server 5.2P4



It's been a while since I posted this, but for the record (and if anyone
encounters this in the future), this was a problem with the ldap/fqdn
principal keytab on the DS server. It needed to have a weaker enctype
(des-cbc-crc worked, though others probably do, as well), or else
apparently Solaris couldn't handle it.

--
Andrew Deason
adeason2@uiuc.edu

On Wed, 31 Jan 2007 17:35:47 -0600
Andrew Deason <adeason2@uiuc.edu> wrote:

> I am trying to use OpenLDAP's ldapsearch to connect to a Sun DS 5.2
> server using SASL/GSSAPI to authenticate. The setup works perfectly
> fine on Solaris clients, but not on Linux ones using OpenLDAP's
> ldapsearch (Debian sid on x86). Instead, it always gives the following
> error:
>
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more
> information (Unknown code 188)
>
> This error is coming from the DS server (right?), so I know this may
> not be OpenLDAP's problem. I was just wondering if anyone else had
> encountered this problem, or if there are any workarounds or anything,
> or if this is known to just not work at all.
>
> I'm using the Cyrus SASL implementation with MIT Kerberos. I tried
> this with ldapsearch 2.3.30 and 2.2.23.
>
> --
> Andrew Deason
> adeason2@uiuc.edu
>
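
One way to check for the keytab mismatch described in the follow-up, as an added example that is not part of the original thread: it lists the enctypes stored for a service principal in `klist -ke` output and compares them with the enctypes the directory server host can handle. The sample listing, host name, realm, function names and the supported-enctype list are all constructed assumptions, and the parser assumes MIT Kerberos short enctype names.

```shell
#!/bin/sh
# Constructed sample of `klist -ke <keytab>` output (MIT Kerberos format).
# Host name, realm and key list are made up for illustration.
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/tmp/ds.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 ldap/ds.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 host/ds.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 host/ds.example.com@EXAMPLE.COM (des-cbc-crc)
EOF
}

# keytab_enctypes PRINCIPAL: read `klist -ke` output on stdin and print
# the enctype of every key stored for PRINCIPAL, one per line.
keytab_enctypes() {
    awk -v p="$1" '
        $1 ~ /^[0-9]+$/ && $2 == p {
            e = $NF               # last field is "(enctype)"
            gsub(/[()]/, "", e)   # strip the parentheses
            print e
        }'
}

# check_service_key PRINCIPAL "ENCTYPE ...": read `klist -ke` output on
# stdin; succeed only if PRINCIPAL has at least one key whose enctype is
# in the space-separated list the server is assumed to support.
check_service_key() {
    princ=$1; supported=$2; found=no
    for e in $(keytab_enctypes "$princ"); do
        case " $supported " in
            *" $e "*) found=yes; echo "usable: $princ ($e)" ;;
            *)        echo "unsupported by server: $princ ($e)" ;;
        esac
    done
    [ "$found" = yes ]
}

# Assumed list of enctypes the server-side Kerberos library accepts.
SERVER_ENCTYPES="des-cbc-crc des3-cbc-sha1"

sample_klist | check_service_key ldap/ds.example.com@EXAMPLE.COM "$SERVER_ENCTYPES" \
    || echo "no key for the ldap/ principal that the server can use"
```

Against a real keytab, replace `sample_klist` with `klist -ke /path/to/keytab`.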
