[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need SASL idiot-proof walkthrough

It is also well explained in my howto:


Common mistakes for SASL GSSAPI:

-You need a principal called ldap/FQDN@YOURREALM.COM and a keytab for this
principal which must be in:
/etc/krb5.keytab or /etc/krb5/krb5.keytab or /etc/kerberos/krb5.keytab
depending on what OS you are using and how kerberos was compiled.

-Make sure you have a link from /usr/lib/sasl2 to wherever the sasl
libraries were installed (Mines are in /opt/local/lib/sasl2.

I have a full example of the sample-client and sample-server on my



Diego Julian Remolina
System Administrator
School of Mathematics
Georgia Institute of Technology

On Fri, 26 Mar 2004, Quanah Gibson-Mount wrote:

> --On Friday, March 26, 2004 10:21 AM -0600 Digant Kasundra <digant@uta.edu>
> wrote:
> > Hello everyone,
> >
> > So far, no one has been able to decipher my SASL problem from my postings
> > of log files and conf files etc.  I have even cleanly reinstalled my
> > machines. There is something basic and simple and stupid that I must be
> > missing.  Can someone please give me a step-by-step walkthrough based on
> > the following information so I could make doubly sure that I am doing
> > things properly?
> >
> > I have a KDC (running MIT KRB) on labrador.kerb.uta.edu.  I have an
> > OpenLDAP 2.2.7 box running on omicron.kerb.uta.edu. I have a realm
> > KERB.UTA.EDU.  I have a user dn: uid=digant,cn=people,dc=uta,dc=edu.
> >
> > An idiot-proof walkthrough would really help and I *KNOW* that's asking a
> > lot out of people and I wholely apologize for that.  I've done it on my
> > own and no one can see a problem with the way I did it but it still
> > doesn't work.  So if someone can give me a step by step on which
> > principals to create, what entry to create in the LDAP and what to put in
> > the slapd.conf (and any other important steps), I promise I will buy you
> > a pizza!
> Digant,
> Have you compiled the test server/client that comes with Cyrus-SASL to
> verify that it authenticates correctly via GSSAPI at that level?
> See this link:
> <http://www.ipnet6.org/src/cyrus-sasl-2/doc/gssapi.html>
> --Quanah
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/TSS/Computing Systems
> ITSS/TSS/Infrastructure Operations
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html