[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Enable SASL and GSSAPI authentication
On 22/12/10 11:00 +0100, Jörg Herzinger wrote:
Hi, I've been running openLDAP with GSSAPI authentication for quite a
while now and everything has been running quite fine. The last days I
tried enabling SASL password auth as described in [1]
Now password authentication works fine, but it seems that GSS somehow
has been disabled:
root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL
supportedSASLMechanisms
dn:
While without SASL enabled I get:
root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL
supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
Is it possible to enable both, GSS and SASL pass through auth? I
checked the dokumentation and couldn't find a clue if it is or not.
openLDAP version is 2.4.11 on Debian Lenny, Kerberos is MIT version
1.6 also on Lenny. Slapd config can be found here [2]
If you've strictly followed the pass-through section of the admin guide,
you may have ran into a problem with this example sasl configuration:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux
If that's what you've used, you should either comment out the mech_list
line or add 'gssapi' to it.
If that's not the case, can you post your sasl slapd.conf? Are there any
other changes involved in your configuration, other than modifying the
userPassword attribute in your user entries?
--
Dan White