[Date Prev][Date Next]
RE: Cyrus-SASL w/Kerberos V
un-surprisingly enough I just ran into the same problem on a Solaris 2.6
box and the fix was the same... Thanks folks.
At 08:21 AM 12/15/2000 -0700, Brent Dunlock wrote:
follow up on my own post - this works now. For some reason it was
looking for /etc/krb5.conf in /usr/local/etc/krb5.conf so I make a copy
of it over there and it worked. To find the problem I had to run
"truss /usr/local/libexec/slapd -d 4" and saw that it was
looking in the wrong place.
- -----Original Message-----
- From: Brent Dunlock
- Sent: Wednesday, December 13, 2000 10:44 AM
- To: firstname.lastname@example.org
- Subject: Cyrus-SASL w/Kerberos V
- I've been struggling with getting SASL and Kerberos V5 going via
GSSAPI. Since there seems to be no documentation yet, I've gleened
what I could from the discussion list. It almost works. I get
this from the client:
- # ldapsearch -I -b "dc=asu,dc=edu"
- SASL/GSSAPI authentication started
- SASL Interaction
- Please enter your authorization name: sysgod
- ldap_sasl_interactive_bind_s: Can't contact LDAP server
- And the slapd server crashes. With -d -1 turned on I get a lot of dump information and at the bottom of it all is this:
- (... lots of stuff...)
- ber_scanf fmt (}}) ber:
- ber_dump: buf=0x0007d790 ptr=0x0007d9ba end=0x0007d9ba len=0
- do_sasl_bind: dn () mech GSSAPI
- conn=0 op=1 BIND dn="" method=163
- ==> sasl_bind: dn="" mech=GSSAPI datalen=526
- Segmentation Fault(coredump)
- I'm confident that the Cyrus-SASL GSSAPI works (I ran the client/server tests that come with it) and I have entries in slapd.conf for sasl-host and sasl-realm. My /etc/krb5.keytab is right (I think): ldap/<hostname>@ASU.EDU. Background: Solaris 7, Openldap 2.0.7, Cyrus-SASL 1.5.24. Any help would be appreciated.