[Date Prev][Date Next]
Re: Problems with GSSAPI
On Mon, 2002-08-19 at 07:11, paul wrote:
> Stephen Torri wrote:
> > The system setup I have is:
> > RedHat 7.2
> > Linux kernel 2.4.9-32.5
> > Kerberos: krb5,libs,devel,workstation,server 1.2.4-1
> > OpenLDAP: openldap,clients,server 2.0.21-1
> > OpenSSL: 0.9.6b-8
> > Cyrus-SASL: 2.1.5-2
> > User 'root' can obtain a kerberos ticket but the default principal is
> > not root@TORRI.LINUX. Its default rincipcal is torri@TORRI.LINUX. With
> > this in mind when I try:
> The ID of the principal is not important so far. As I know GSSAPI is
> just *authentication* based on kerberos.
> > ldapsearch -H ldaps:/// -I -b"" -s base -LLL supportedSASLMechanisms.
> > I get back:
> > ldap_sasl_interactive_bind_s: Unknown error
> > additional info: GSSAPI: gss_acquire_cred: miscellaneous failure:
> > Permission denied.
> Please turn on debugging.
Can you give a listing of the debug levels that are helpful?
> -Have you created a service principal for ldap like:
> -Have you added that principal to your keytab file?
> -Is this keytab file readable for slapd?
The permissions on the file were root(owner) root(group) (0600). So I
changed it to be 0644. That took care of root's inability to
authenticate. It did not clear up the problem.
I tried to do the above command as user 'root' with a kerberos ticket
for principal 'torri@TORRI.LINUX'. This time I got back the error:
Can't contact LDAP server.
> ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf (best docu I found)
I will download that. Thanks.