[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP2 and SASL/Kerberos

On Tue, Mar 06, 2001 at 12:47:39PM +0100, Turbo Fredriksson wrote:

> Password for root@BAYOUR.COM: 
> CHROOT:~# ldapsearch -I -b 'dc=com' -p 3389 -h localhost -ZZ dn -v
> ldap_init( localhost, 3389 )
> SASL/GSSAPI authentication started
> SASL Interaction
> Please enter your authorization name: root@BAYOUR.COM
> ldap_sasl_interactive_bind_s: Unknown error
>         additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name; 

Can the LDAP daemon running in the chroot guess & resolve it's fully
qualified host name? If not, it won't be able to find the correct Kerberos
key in the keytab. Try explicitly setting sasl-host in slapd.conf.


Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary