[Date Prev][Date Next] [Chronological] [Thread] [Top]

KrbV5, KPASSWD, Invalid credentials, Unable to locate KDC (ITS#1520)

Full_Name: Asger Henriksen
Version: CVS HEAD
OS: Linux Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


After unsuccessfully trying to get LDAPv3+SASL+KrbV5+SSL/TSL etc to work from
fine HOWTO on www.bayour.com, I finally tracked the error to the KPASSWD
of the code. Debug showed that kerberos returned "Unable to locate KDC", from
krb5_get_init_creds_password call in passwd.c in libraries/liblutil

I know Kerberos was working, because I have used it for a while, and used the
setup to develop GSSAPI bindings for the Intermezzo Filesystem.

It seemed the krb5 call was unable to derive the realm from the userPassword
so, which was formatted as {KERBEROS}user@<MY-REALM>. I verified that the
user@<MY-REALM> was correctly extracted to the krb5_parse_name call.

 I added a call to 

after the krb5_parse_name call.

After this, it worked.

My ldap.conf and slapd.conf both had a sasl-realm <MY-REALM> entry.

I have tried several versions of OpenLDAP without luck. My debuging was done
against CVS HEAD on 08/01-2002

Asger Henriksen