
RE: OpenLDAP, SASL, Kerberos



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Turbo
> Fredriksson

> >>>>> "Markus" == Markus Jung <Markus.Jung@de.tds-global.com> writes:
> 
>     Markus> kinit(v5): Client not found in Kerberos database while
>     Markus> getting initial credentials
> 
> You're missing the ldap service principal for the LDAP server...
> 
> Create a 'ldap/FQDN_OF_LDAP_SERVER@YOUR_REALM' in the Kerberos db.

Wrong. The ldap service principal for the LDAP server is just that - FOR
THE SERVER. kinit is complaining about the CLIENT. kinit doesn't ever
know anything about the server you're trying to talk to, all it does is
obtain credentials for the client.

This error message means the CLIENT does not exist. Make sure you have
created a Kerberos principal for your Unix userid.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
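
The distinction drawn in the reply above, as an added example that is not part of the original message: a small shell triage helper that reads a Kerberos error line and names the principal to verify. The userid `alice`, realm `EXAMPLE.COM`, host `ldap.example.com` and the second sample line are constructed placeholders, and the matching assumes MIT-style "not found in Kerberos database" wording.

```shell
#!/bin/sh
# First sample is the message quoted in the thread; the second is constructed.
SAMPLE_KINIT='kinit(v5): Client not found in Kerberos database while getting initial credentials'
SAMPLE_GSSAPI='SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure (Server not found in Kerberos database)'

# Which principal does the KDC report as missing?
#   client -> initial credentials (kinit) failed: the user's own principal is absent
#   server -> service ticket request failed: the service principal is absent
#   other  -> not a "principal unknown" error
# Heuristic match; also tolerates a principal name between the keyword and "not found".
classify_krb_error() {
    case "$1" in
        *Server*"not found in Kerberos database"*) echo server ;;
        *Client*"not found in Kerberos database"*) echo client ;;
        *) echo other ;;
    esac
}

# Name the principal to verify.
# $1 = error line, $2 = Unix userid, $3 = realm, $4 = LDAP server FQDN
principal_to_check() {
    case "$(classify_krb_error "$1")" in
        client) echo "$2@$3" ;;
        server) echo "ldap/$4@$3" ;;
        *) return 1 ;;
    esac
}

# Print the lookup an administrator would run against the Kerberos database.
advise() {
    p=$(principal_to_check "$@") || { echo "not a principal-unknown error"; return 1; }
    echo "$(classify_krb_error "$1") principal missing; verify with: kadmin -q \"getprinc $p\""
}

advise "$SAMPLE_KINIT" alice EXAMPLE.COM ldap.example.com
advise "$SAMPLE_GSSAPI" alice EXAMPLE.COM ldap.example.com
```
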