[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP, SASL, Kerberos

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Turbo
> Fredriksson

> >>>>> "Markus" == Markus Jung <Markus.Jung@de.tds-global.com> writes:
>     Markus> kinit(v5): Client not found in Kerberos database while
>     Markus> getting initial credentials
> You're missing the ldap service principal for the LDAP server...
> Create a 'ldap/FQDN_OF_LDAP_SERVER@YOUR_REALM' in the Kerberos db.

Wrong. The ldap service principal for the LDAP server is just that - FOR
THE SERVER. kinit is complaining about the CLIENT. kinit doesn't ever
know anything about the server you're trying to talk to, all it does is
obtain credentials for the client.

This error message means the CLIENT does not exist. Make sure you have
created a Kerberos principal for your Unix userid.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support