[Date Prev][Date Next] [Chronological] [Thread] [Top]

sasl-host ignored in GSSAPI authentication



I've worked out my other problem with getting a good krbtgt, but now I
have a new one. OpenLDAP is running on a host:

    real-host.domain.net

I have a CNAME in DNS that points to this called:

    ldap.domain.net

In slapd.conf, I have:

    sasl-host ldap.domain.net

But when I try to run an ldapsearch, I get the following error.

% ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (82)
        additional info: SASL(-1): generic failure: GSSAPI Error: 
Miscellaneous failure (see text) (Server
(ldap/real-host.domain.net@DOMAIN.NET) unknown)

My understanding of sasl-host was that it would force the principal
above to be 'ldap/ldap.domain.net', but that doesn't seem to be working
here. Is this not working correctly, or is my understanding of sasl-host
incorrect?

Thanks,
Jeff