[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL auth not working



On 01/07/10 00:18 +0200, Michael Ströder wrote:
Dan White wrote:
On 30/06/10 18:43 +0200, Michael Ströder wrote:
He would also have to specify -Y GSSAPI.
And off course slapd has to be kerberized first to make this work.

Presumably he is doing plaintext authentication to slapd rather than
gssapi, and having saslauthd validate the username and password against
a kerberos5 server.

Why do you think so? Diego mentioned kinit and klist in the original posting:

http://www.openldap.org/lists/openldap-technical/201006/msg00301.html

Therefore I presume he wants to use SASL/GSSAPI. But only he can tell us what
he really wants to achieve.

It's clear what his intentions where from this snippet, from the original
post:

I've also set up SASL to use the kerberos5 auth mechanism and it seems to
work:

root@filesystem:~# testsaslauthd -u diego.lima@USERS -p 123456
0: OK "Success."
Which means he was successful in configuring saslauthd to use the kerberos5
authmech (see the manual page).

His problem is not with any kerberos5 configuration, but rather a usage
question in how to use the ldap client utilities and how to configure his
user entries to support SASL.

--
Dan White