[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Cyrus-SASL w/Kerberos V

        FYI, un-surprisingly enough I just ran into the same problem on a Solaris 2.6 box and the fix was the same...  Thanks folks.

At 08:21 AM 12/15/2000 -0700, Brent Dunlock wrote:
To follow up on my own post - this works now.  For some reason it was looking for /etc/krb5.conf in /usr/local/etc/krb5.conf so I make a copy of it over there and it worked.  To find the problem I had to run "truss /usr/local/libexec/slapd -d 4" and saw that it was looking in the wrong place. 
-----Original Message-----
From: Brent Dunlock [mailto:Brent.Dunlock@asu.edu]
Sent: Wednesday, December 13, 2000 10:44 AM
To: openldap-software@openldap.com
Subject: Cyrus-SASL w/Kerberos V

I've been struggling with getting SASL and Kerberos V5 going via GSSAPI.  Since there seems to be no documentation yet, I've gleened what I could from the discussion list.  It almost works.  I get this from the client:
# ldapsearch -I -b "dc=asu,dc=edu" "cn=Manager"
SASL/GSSAPI authentication started
SASL Interaction
Please enter your authorization name: sysgod
ldap_sasl_interactive_bind_s: Can't contact LDAP server

And the slapd server crashes.  With -d -1 turned on I get a lot of dump information and at the bottom of it all is this:
(... lots of stuff...)
ber_scanf fmt (}}) ber:
ber_dump: buf=0x0007d790 ptr=0x0007d9ba end=0x0007d9ba len=0

do_sasl_bind: dn () mech GSSAPI
conn=0 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=GSSAPI datalen=526
Segmentation Fault(coredump)

I'm confident that the Cyrus-SASL GSSAPI works (I ran the client/server tests that come with it) and I have entries in slapd.conf for sasl-host and sasl-realm.  My /etc/krb5.keytab is right (I think): ldap/<hostname>@ASU.EDU.  Background: Solaris 7, Openldap 2.0.7, Cyrus-SASL 1.5.24.  Any help would be appreciated.