
"Invalid Credentials" with Heimdal and Cyrus SASL



Having been directed towards Heimdal instead of the MIT krb5 libs I'm
now having a different problem with GSSAPI binds.  Slapd is no longer
seg faulting (thank heavens!), but when I try a GSSAPI bind with
ldapsearch I get:

    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

Heimdal seems to be installed properly (per Quanah's recommendation,
it's a snapshot from CVS), and indeed I can get and have tickets.
Heimdal's klist gives me this:

    Credentials cache: FILE:/tmp/krb5cc_25022_t4AWP0
            Principal: benp@REED.EDU

      Issued           Expires          Principal
    Feb 28 12:29:33  Feb 28 19:09:33  krbtgt/REED.EDU@REED.EDU
    Feb 28 12:31:37  Feb 28 19:09:33  ldap/MYSERVER.reed.edu@REED.EDU

I get the same results (Invalid credentials) if I specify a dn with
which to bind.  

Might this be sasl regex related?  My sasl-regex lines in slapd.conf
look like:

    sasl-regexp
            uid=(.*),cn=reed.edu,cn=gssapi,cn=auth
            uid=$1,ou=Person,dc=reed,dc=edu

I found what appeared to be someone with the same problem earlier on the
list, but the thread went nowhere:

    http://www.openldap.org/lists/openldap-software/200302/msg00591.html

Any suggestions would be very much appreciated!

Ben

-- 
---------------------------------------------------------------------------
Ben Poliakoff                                       email: <benp@reed.edu>
Reed College                                          tel:  (503)-788-6674
Unix System Administrator      PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019