[Date Prev][Date Next] [Chronological] [Thread] [Top]

difficulties running slapd as non-root and sasl

To: openldap-software@OpenLDAP.org
Subject: difficulties running slapd as non-root and sasl
From: Andreas Hasenack <andreas@conectiva.com.br>
Date: Thu, 4 Apr 2002 16:05:40 -0300
Content-disposition: inline
User-agent: Mutt/1.3.28i

I can only use sasl-gssapi with openldap if I run slapd as root.
If I run it as a regular user (ldap), sasl-gssapi won't work,
even with a world-readable /etc/krb5.keytab. I get different
errors:

This happens with a 0600 krb5.keytab which slapd can't read. That's expected.
$ ldapsearch  -LLL uid=bla 
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied; 

Now I have a 666 krb5.keytab file, just for testing:
$ ldapsearch  -LLL uid=bla
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied in replay cache code; 

If I run slapd as root, then it works... (and yes, /etc/openldap/slapd.conf is
readable by the ldap user).

Any clues?

Prev by Date: What LDAP to use?
Next by Date: Client certificates in HEAD
Index(es):
- Chronological
- Thread