[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP2 and SASL/Kerberos

To: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP2 and SASL/Kerberos
From: GOMBAS Gabor <gombasg@inf.elte.hu>
Date: Tue, 6 Mar 2001 14:35:16 +0100
Content-disposition: inline
In-reply-to: <871ysb5db8.fsf@papadoc.bayour.com>; from turbo@bayour.com on Tue, Mar 06, 2001 at 12:47:39PM +0100
References: <871ysb5db8.fsf@papadoc.bayour.com>

On Tue, Mar 06, 2001 at 12:47:39PM +0100, Turbo Fredriksson wrote:

> Password for root@BAYOUR.COM: 
> CHROOT:~# ldapsearch -I -b 'dc=com' -p 3389 -h localhost -ZZ dn -v
> ldap_init( localhost, 3389 )
> SASL/GSSAPI authentication started
> SASL Interaction
> Please enter your authorization name: root@BAYOUR.COM
> ldap_sasl_interactive_bind_s: Unknown error
>         additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name; 

Can the LDAP daemon running in the chroot guess & resolve it's fully
qualified host name? If not, it won't be able to find the correct Kerberos
key in the keytab. Try explicitly setting sasl-host in slapd.conf.

Gabor

-- 
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary

Follow-Ups:
- Re: OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- OpenLDAP2 and SASL/Kerberos
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Re: slapd (OpenLDAP v2.0.7) won't bind to ldap:/// AND ldaps:///
Next by Date: commands taking too much time ?
Index(es):
- Chronological
- Thread