
Re: Kerberized LDAP not accessible



On 21/01/11 17:51 +0100, Thomas Schweikle wrote:
> On 21.01.2011 17:17, Dan White wrote:
> > On Debian based systems, it's renamed as saslpluginviewer. It's located
> > in the sasl2-bin package. The GSSAPI mechanism is installed in one of:
> >
> > libsasl2-modules-gssapi-heimdal
> > libsasl2-modules-gssapi-mit
>
> Package sasl2-bin wasn't installed, libsasl2-modules-gssapi-mit was.
> Now I have:
>
> Plugin "gssapiv2" [loaded],     API version: 4
>        SASL mechanism: GSSAPI, best SSF: 56
>        security flags:
> NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>        features:
> WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
>
> #ldapsearch -LLL -x -H ldap://srv.example.com -s "base" -b "" supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
>
> #ldapsearch -Y GSSAPI -LLL -H ldap://srv.example.com -s "base" -b "" supportedSASLMechanisms
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
>        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Permission denied)
>
> Within the credentials cache:
> #klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: user@XOMPU.DE
>
> Valid starting     Expires            Service principal
> 01/21/11 11:32:03  01/21/11 21:32:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>        renew until 01/22/11 11:31:58
> 01/21/11 16:20:04  01/21/11 21:32:03  host/srv.example.com@EXAMPLE.COM
>        renew until 01/22/11 11:31:58
> 01/21/11 16:46:15  01/21/11 21:32:03  ldap/srv.example.com@EXAMPLE.COM
>        renew until 01/22/11 11:31:58
>
> I keep getting Permission Denied errors.

That error (Permission denied) may be generated by the server. Verify that
the keytab file you're using is readable by the openldap user or group.

--
Dan White
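A repeatable form of the check Dan suggests, added here as an example that is not part of the thread: a POSIX shell function that evaluates a keytab's owner/group/mode bits for a given service account the way the kernel would, so you can see which permission class applies and why the read is refused. The service user name ("openldap") and keytab path in the usage line are placeholders; the function itself takes both as arguments.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Checks whether a keytab
# is readable by the account slapd runs as, using only the file's
# owner/group/mode bits (root, POSIX ACLs and AppArmor are not modelled).
# The user name and keytab path passed on the command line are placeholders.

# keytab_readable_by <user> <file>
# Prints a one-line diagnosis; returns 0 if <user> can read <file>, 1 otherwise.
keytab_readable_by() {
    user=$1
    file=$2

    if [ ! -f "$file" ]; then
        echo "NOT FOUND: $file"
        return 1
    fi
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "NO SUCH USER: $user"
        return 1
    }

    owner=$(stat -c '%u' "$file")    # numeric owner uid (GNU stat, as on Debian)
    group=$(stat -c '%g' "$file")    # numeric group gid
    mode=$(stat -c '%a' "$file")     # octal mode without leading zeros, e.g. 640, 40, 0
    mode=$(printf '%03d' "$mode")    # pad to at least three digits
    mode=${mode#"${mode%???}"}       # keep the last three (drop setuid/setgid/sticky)
    u=${mode%??}                     # owner digit
    g=${mode#?}; g=${g%?}            # group digit
    o=${mode#??}                     # other digit

    # Unix applies exactly one class: owner, else group member, else other.
    if [ "$uid" -eq "$owner" ]; then
        class=owner; bit=$u
    else
        class=other; bit=$o
        for gid in $(id -G "$user"); do
            if [ "$gid" -eq "$group" ]; then
                class=group; bit=$g
                break
            fi
        done
    fi

    # Read permission is the 4 bit of the class digit.
    if [ $(( bit & 4 )) -ne 0 ]; then
        echo "OK: $file is readable by $user ($class class, mode $mode)"
        return 0
    fi
    echo "DENIED: $file is not readable by $user ($class class, mode $mode)"
    echo "  one fix: chgrp $user $file && chmod 640 $file"
    return 1
}

# Usage (placeholders): sh keytab_check.sh openldap /etc/krb5.keytab
if [ $# -eq 2 ]; then
    keytab_readable_by "$1" "$2"
fi
```

The permission-bit test only explains the common case (keytab owned by root with mode 600); the authoritative check is to run `klist -k <keytab>` as the service account itself, which exercises the same open() slapd will perform.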