[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap crashes on GSSAPI authentication

On Fri, 2003-02-21 at 15:13, Diego Julian Remolina wrote:
> Hi,
> I have been trying for a while to get openldap working with sasl and
> gssapi on Solaris 9 but have had no luck.  Can anybody give me a hand?
> I am using mit kerberos krb5-1.2.7.
> I compiled sasl-2.1.12 and tested it with the sample server and client
> with sucess for gssapi authentication.  Later on I compiled
> openldap-2.1.12 and after many problems, I found out that even though
> slapd was finding /opt/local/lib/sasl2 while using ldd, it wanted the link
> from /usr/lib/sasl2 to that folder in order to recognize the GSSAPI
> authentication mechanism (This actually works as you can see in the log of
> my client session). (And yes I know I should have created that link
> following the sasl instructions... but It took me a while to realize
> that.... :) ).

>From your sldapd.conf: 
# SASL Configuration
#sasl-realm	math.gatech.edu
#sasl-host	kerberos.math.gatech.edu

why are these commented ? Shouldn't you set them right ? 
Too see if the sasl-regexp works you should issue the command:
$ ldapwhoami -Y GSSAPI

Also see: http://www.openldap.org/faq/data/cache/630.html
the "srvtab" option in slapd.conf I guess is for KRB_v4
and not for SASL/GSSAPI. The /usr/lib/sasl2 link is clearly 
stated in the cyrus-sasl docs, it's not slapd's fault, it's the way
the cyrus-sasl things work.