[Date Prev][Date Next] [Chronological] [Thread] [Top]

"Invalid Credentials" with Heimdal and Cyrus SASL

Having been directed towards Heimdal instead of the MIT krb5 libs I'm
now having a different problem with GSSAPI binds.  Slapd is no longer
seg faulting (thank heavens!), but when I try a GSSAPI bind with
ldapsearch I get:

    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: GSSAPI
    Failure: gss_accept_sec_context

Heimdal seems to be installed properly (per Quanah's recommendation,
it's a snapshot from CVS) , and indeed I can get and have tickets.
Heimdal's klist gives me this:

    Credentials cache: FILE:/tmp/krb5cc_25022_t4AWP0
            Principal: benp@REED.EDU

      Issued           Expires          Principal
    Feb 28 12:29:33  Feb 28 19:09:33  krbtgt/REED.EDU@REED.EDU
    Feb 28 12:31:37  Feb 28 19:09:33  ldap/MYSERVER.reed.edu@REED.EDU

I get the same results (Invalid credentials) if I specify a dn with
which to bind.  

Might this be sasl regex related?  My sasl-regex lines in slapd.conf
look like:


I found what appeared to be someone with the same problem earlier on the
list, but the thread went nowhere:


Any suggestions would be very much appreciated!


Ben Poliakoff                                       email: <benp@reed.edu>
Reed College                                          tel:  (503)-788-6674
Unix System Administrator      PGP key: http://www.reed.edu/~benp/key.html
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019