Am 21.01.2011 17:17, schrieb Dan White:
> On 21/01/11 17:06 +0100, Thomas Schweikle wrote:
>> Am 21.01.2011 16:02, schrieb Dan White:
>>> See the FAQ entry on OpenLDAP+SASL+GSSAPI at:
>>>
>>> http://www.cyrusimap.org/mediawiki/index.php/FAQ
>>>
>>
>> This refers to "pluginviewer":
>> This program doesn't exist on the system. What package is it in on
>> debian/ubuntu?
>
> On Debian based systems, it's renamed as saslpluginviewer. It's
> located in
> the sasl2-bin package. The GSSAPI mechanism is installed in one of:
>
> libsasl2-modules-gssapi-heimdal
> libsasl2-modules-gssapi-mit
Package sasl2-bin wasn't installed, libsasl2-modules-gssapi-mit was.
Now I have:
Plugin "gssapiv2" [loaded], API version: 4
SASL mechanism: GSSAPI, best SSF: 56
security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
features:
WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
#ldapsearch -LLL -x -H ldap://srv.example.com -s "base" -b ""
supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
#ldapsearch -Y GSSAPI -LLL -H ldap://srv.example.com -s "base" -b ""
supportedSASLMechanisms
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
error (80)
additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information
(Permission denied)
Within the credentials cache:
#klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@XOMPU.DE
Valid starting Expires Service principal
01/21/11 11:32:03 01/21/11 21:32:03 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 01/22/11 11:31:58
01/21/11 16:20:04 01/21/11 21:32:03 host/srv.example.com@EXAMPLE.COM
renew until 01/22/11 11:31:58
01/21/11 16:46:15 01/21/11 21:32:03 ldap/srv.example.com@EXAMPLE.COM
renew until 01/22/11 11:31:58
I keep getting Permission Denied errors.
--
Thomas
Attachment:
signature.asc
Description: OpenPGP digital signature