[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: GSSAPI and Openldap: Permission denied in replay cache code

To: "'Openldap-Software (E-mail)'" <openldap-software@OpenLDAP.org>
Subject: RE: GSSAPI and Openldap: Permission denied in replay cache code
From: Matthieu TURPAULT <Matthieu.Turpault@comelis.fr>
Date: Mon, 6 May 2002 13:07:51 +0200

Sorry to answer to my own question but it's not a complete answer.

Kerberos uses a 'replay cache file' which is located in the temporary
directory of the account used by Kerberos server, the root account here.
And the slapd logged as ldap can't access to this directory.

If I put the 603 access to the root's temporary directory, the ldapsearch is
successfull. But it would be more suitable if we can choose the directory
where the replay cache file is located.

any ideas ?




> When I try to use my Kerberos ticket with LDAP with the 
> commands (Logged
> as root):
>    kinit
>       <the password >
>    ldapsearch -h <MyFQDN> -p 389 -b "" -s base -LLL 
> supportedSASLMechanisms
>   
>   I have the following error:
>      ldap_sasl_interactive_bind_s: Unknown error
>          additional info: GSSAPI: gss_acquire_cred: Miscellaneous
> failure; Permission denied in replay cache code;

Prev by Date: RE: LDAP invalid credentials and ldap_sasl_interactive_bind_s
Next by Date: Re: Binary attributes in LDIF file
Index(es):
- Chronological
- Thread