Re: SASL auth not working



On 30/06/10 18:43 +0200, Michael Ströder wrote:
> Dan White wrote:
>> On 23/06/10 10:27 -0300, Diego Lima wrote:
>>> I'm trying to set up openldap to authenticate using my kerberos
>>> service, but I'm not having success so far.
>>> The userPassword value translates to {SASL}diego.lima@USERS
>
> IMO that's not needed for SASL/GSSAPI.
>
>> When doing a SASL bind, you should specify the same username that you are
>> authenticating with, for saslauthd. Use a '-U diego.lima@USERS' instead of
>> a -D option:
>>
>> ldapwhoami -U diego.lima@USERS
>
> He would also have to specify -Y GSSAPI.
> And of course slapd has to be kerberized first to make this work.

Presumably he is doing plaintext authentication to slapd rather than gssapi, and having saslauthd validate the username and password against a kerberos5 server.

--
Dan White