From: Brent Dunlock [mailto:Brent.Dunlock@asu.edu]
Sent: Wednesday, December 13, 2000 10:44 AM
Subject: Cyrus-SASL w/Kerberos V
I've been struggling with getting SASL and Kerberos V5 going via GSSAPI. Since there seems to be no documentation yet, I've gleaned what I could from the discussion list. It almost works. I get this from the client:
# ldapsearch -I -b "dc=asu,dc=edu" "cn=Manager"
SASL/GSSAPI authentication started
Please enter your authorization name: sysgod
ldap_sasl_interactive_bind_s: Can't contact LDAP server
And the slapd server crashes. With -d -1 turned on I get a lot of dump information and at the bottom of it all is this:
(... lots of stuff...)
ber_scanf fmt (}}) ber:
ber_dump: buf=0x0007d790 ptr=0x0007d9ba end=0x0007d9ba len=0
do_sasl_bind: dn () mech GSSAPI
conn=0 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=GSSAPI datalen=526
I'm confident that the Cyrus-SASL GSSAPI works (I ran the client/server tests that come with it) and I have entries in slapd.conf for sasl-host and sasl-realm. My /etc/krb5.keytab is right (I think): ldap/<hostname>@ASU.EDU. Background: Solaris 7, OpenLDAP 2.0.7, Cyrus-SASL 1.5.24. Any help would be appreciated.