[Date Prev][Date Next]
Re: Problems with GSSAPI
Stephen Torri wrote:
The ID of the principal is not important so far. As I know GSSAPI is
just *authentication* based on kerberos.
The system setup I have is:
Linux kernel 2.4.9-32.5
Kerberos: krb5,libs,devel,workstation,server 1.2.4-1
OpenLDAP: openldap,clients,server 2.0.21-1
User 'root' can obtain a kerberos ticket but the default principal is
not root@TORRI.LINUX. Its default rincipcal is torri@TORRI.LINUX. With
this in mind when I try:
ldapsearch -H ldaps:/// -I -b"" -s base -LLL supportedSASLMechanisms.
I get back:
ldap_sasl_interactive_bind_s: Unknown error
additional info: GSSAPI: gss_acquire_cred: miscellaneous failure:
Please turn on debugging.
-Have you created a service principal for ldap like:
-Have you added that principal to your keytab file?
-Is this keytab file readable for slapd?
Where can I find a web page or documentation that give hints or
solutions to why I would keep getting the message?
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf (best docu I found)