[Date Prev][Date Next] [Chronological] [Thread] [Top]

Cyrus-SASL w/Kerberos V



Title: Cyrus-SASL w/Kerberos V

I've been struggling with getting SASL and Kerberos V5 going via GSSAPI.  Since there seems to be no documentation yet, I've gleened what I could from the discussion list.  It almost works.  I get this from the client:

# ldapsearch -I -b "dc=asu,dc=edu" "cn=Manager"
SASL/GSSAPI authentication started
SASL Interaction
Please enter your authorization name: sysgod
ldap_sasl_interactive_bind_s: Can't contact LDAP server
#

And the slapd server crashes.  With -d -1 turned on I get a lot of dump information and at the bottom of it all is this:

(... lots of stuff...)
ber_scanf fmt (}}) ber:
ber_dump: buf=0x0007d790 ptr=0x0007d9ba end=0x0007d9ba len=0

do_sasl_bind: dn () mech GSSAPI
conn=0 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=GSSAPI datalen=526
Segmentation Fault(coredump)

I'm confident that the Cyrus-SASL GSSAPI works (I ran the client/server tests that come with it) and I have entries in slapd.conf for sasl-host and sasl-realm.  My /etc/krb5.keytab is right (I think): ldap/<hostname>@ASU.EDU.  Background: Solaris 7, Openldap 2.0.7, Cyrus-SASL 1.5.24.  Any help would be appreciated.