Re: GSSAPI error

[Hans Aschauer <Hans.Aschauer@Physik.uni-muenchen.de>]

On Samstag, 20. Juli 2002 22:55, Stephen Torri wrote:
> I am having a problem with GSSAPI. The search I am trying to do is to
> report back the support SASL mechanisms to test the secure ldap:
>
>
> ldapsearch -H ldap://alpha.torri.linux/ -I -b "" -s base -LLL
> supportedMechanisms
>
> SASL/GSSAPI Authentication started
> SASL Interaction
> Please enter your authorization name: torri
> ldap_sasl_interactive_bind_s: Unknown error
> 	additional info: GSSAPI: gss_input_name: ; ;
>
>
> I do not understand the error. I am trying to learn openldap and
> kerberos. I am following a HOWTO that is written for Debian but I
> have managed to understand it and set up RedHat 7.2 on an Alpha CPU
> system.


Are you shure that you have a valid kerberos TGT, i.e. did you say 
'kinit' or log in via klogin? You can check that by 'klist'.

For the authorization name, it is usually enough to press enter (at 
least, as long as you didn't set up your directory accordingly). As 
soon as you have a TGT, gssapi knows 'who' you are, and it knows your 
credentials.

A third thing: the attribute is called 'supportedSASLMechanisms' 
(instead of 'supportedMechanisms').

If you do not yet have a working Kerberos environment, you could issue

ldapsearch -x -H ldap://alpha.torri.linux/  -b "" -s base -LLL \ 
supportedSASLMechanisms

(note the change from -I to -x, which will do an anonymous simple bind)

Hope that helps,

Hans


-- 
Hans.Aschauer@Physik.uni-muenchen.de