[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with GSSAPI

Stephen Torri wrote:
The system setup I have is:

RedHat 7.2
Linux kernel 2.4.9-32.5
Kerberos: krb5,libs,devel,workstation,server 1.2.4-1
OpenLDAP: openldap,clients,server 2.0.21-1
OpenSSL: 0.9.6b-8
Cyrus-SASL: 2.1.5-2

User 'root' can obtain a kerberos ticket but the default principal is
not root@TORRI.LINUX. Its default rincipcal is torri@TORRI.LINUX. With
this in mind when I try:

The ID of the principal is not important so far. As I know GSSAPI is just *authentication* based on kerberos.

ldapsearch -H ldaps:/// -I -b"" -s base -LLL supportedSASLMechanisms.

I get back:

ldap_sasl_interactive_bind_s: Unknown error
  additional info: GSSAPI: gss_acquire_cred: miscellaneous failure:
  Permission denied.

Please turn on debugging.

-Have you created a service principal for ldap like:

-Have you added that principal to your keytab file?
-Is this keytab file readable for slapd?

Where can I find a web page or documentation that give hints or solutions to why I would keep getting the message?

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf (best docu I found)