[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap GSSAPI access

I have a couple of hosts that are not behind a proxy/NAT including ldaps
servers. Now gssapi auth works fine and everything for them and I get
access (and I know gssapi is working because a ldap/FQDN ticket is in my
klist afterwards).

Now I have a bunch of other clients behind the NAT, and I have the ldap
servers stradling the outside and inside networks. Meaning they have a
presence on the internal network for the clients, I get addressless krb5
tickets and try to do gssapi auth and it fails,

[root@tirpitz ~]# ldapsearch -Y GSSAPI
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
        additional info: SASL(-4): no mechanism available: No worthy
mechs found

[root@tirpitz ~]# ldapsearch -x -s base -LLL -b ""
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

But when I run, the supportedSASLMechanisms search as above, I get
GSSAPI as supported. The command works fine on normal outside hosts but
not on inside ones... 

Any suggestions?

Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff