Re: multi-master syncrepl with sasl/gssapi authentication
What value do I set the KRB5TICKET environment variable to? In all the
documentation I have reviewed, I am not aware of the existence of a
KRB5TICKET environment variable. Do you mean KRB5_KTNAME?
On Debian Linux, I set KRB5_KTNAME with the following:
sed -i "s|#export KRB5_KTNAME=/etc/krb5.keytab|export \
KRB5_KTNAME=/etc/ldap/ldap.keytab|" /etc/default/slapd
K5start is started with the following:
k5start -b -u ldap/${FQDN}@$KRB_REALM -f /etc/ldap/ldap.keytab \
-K 10 -l 24h -k /tmp/krb5cc_0 -o openldap
> --On Wednesday, March 07, 2012 8:30 PM -0500 travis.bean@assuretech.net
> wrote:
>
>> I am having trouble getting multi-master syncrepl to sync when using
>> "bindmethod=sasl" and "saslmech=gssapi". I achieved success when I
>> tried "bindmethod=simple", so at least I know it has been narrowed down to a
>> sasl/gssapi authentication problem (incorrect/missing sasl AuthzRegexp
>> or perhaps an incorrect/missing slapd ACL?).
>
> Does the slapd process have a KRB5TICKET environment variable defined?
> Does the slapd process have the "kstart" utility keeping said ticket
> constantly alive?
>
> Those are usually the two main failing points.
>
> --Quanah
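
The following check is an added example, not part of either participant's message: it reads a process environment in Linux /proc/<pid>/environ format and reports whether it points at the keytab and the k5start-maintained credential cache named in the commands above. KRB5CCNAME (the MIT Kerberos variable that names the credential cache) does not appear in the thread, and the function names and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a process environment in
# Linux /proc/<pid>/environ format (NUL-separated NAME=value records) points
# at the keytab and credential cache that k5start maintains.

# Print the value of variable $2 from environ file $1; return 1 if it is unset.
environ_get() {
    tr '\0' '\n' < "$1" | awk -v name="$2" '
        index($0, name "=") == 1 { print substr($0, length(name) + 2); found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Compare one variable against the expected path. MIT Kerberos accepts an
# optional "FILE:" type prefix on both variables, so strip it before comparing.
check_var() {   # $1 = environ file, $2 = variable name, $3 = expected path
    if value=$(environ_get "$1" "$2"); then
        if [ "${value#FILE:}" = "$3" ]; then
            echo "OK       $2=$value"
        else
            echo "MISMATCH $2=$value (expected $3)"; return 1
        fi
    else
        echo "UNSET    $2 (library default is used, expected $3)"; return 1
    fi
}

# Check both variables; returns the number of problems found (0 = all good).
check_krb_env() {   # $1 = environ file, $2 = keytab path, $3 = ccache path
    problems=0
    check_var "$1" KRB5_KTNAME "$2" || problems=$((problems + 1))
    check_var "$1" KRB5CCNAME "$3" || problems=$((problems + 1))
    return "$problems"
}

# Constructed sample: a slapd-like environment that sets the keytab from
# /etc/default/slapd but never names the cache written by "k5start -k".
sample=$(mktemp)
printf '%s\0' 'PATH=/usr/sbin:/usr/bin' 'KRB5_KTNAME=/etc/ldap/ldap.keytab' > "$sample"
check_krb_env "$sample" /etc/ldap/ldap.keytab /tmp/krb5cc_0 || echo "problems found: $?"
rm -f "$sample"
```

On a live server, run it as root against the running daemon: `check_krb_env /proc/$(pidof slapd)/environ /etc/ldap/ldap.keytab /tmp/krb5cc_0`.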