[Date Prev][Date Next]
Re: Need SASL idiot-proof walkthrough
It is also well explained in my howto:
Common mistakes for SASL GSSAPI:
-You need a principal called ldap/FQDN@YOURREALM.COM and a keytab for this
principal which must be in:
/etc/krb5.keytab or /etc/krb5/krb5.keytab or /etc/kerberos/krb5.keytab
depending on what OS you are using and how kerberos was compiled.
-Make sure you have a link from /usr/lib/sasl2 to wherever the sasl
libraries were installed (Mines are in /opt/local/lib/sasl2.
I have a full example of the sample-client and sample-server on my
Diego Julian Remolina
School of Mathematics
Georgia Institute of Technology
On Fri, 26 Mar 2004, Quanah Gibson-Mount wrote:
> --On Friday, March 26, 2004 10:21 AM -0600 Digant Kasundra <firstname.lastname@example.org>
> > Hello everyone,
> > So far, no one has been able to decipher my SASL problem from my postings
> > of log files and conf files etc. I have even cleanly reinstalled my
> > machines. There is something basic and simple and stupid that I must be
> > missing. Can someone please give me a step-by-step walkthrough based on
> > the following information so I could make doubly sure that I am doing
> > things properly?
> > I have a KDC (running MIT KRB) on labrador.kerb.uta.edu. I have an
> > OpenLDAP 2.2.7 box running on omicron.kerb.uta.edu. I have a realm
> > KERB.UTA.EDU. I have a user dn: uid=digant,cn=people,dc=uta,dc=edu.
> > An idiot-proof walkthrough would really help and I *KNOW* that's asking a
> > lot out of people and I wholely apologize for that. I've done it on my
> > own and no one can see a problem with the way I did it but it still
> > doesn't work. So if someone can give me a step by step on which
> > principals to create, what entry to create in the LDAP and what to put in
> > the slapd.conf (and any other important steps), I promise I will buy you
> > a pizza!
> Have you compiled the test server/client that comes with Cyrus-SASL to
> verify that it authenticates correctly via GSSAPI at that level?
> See this link:
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/TSS/Computing Systems
> ITSS/TSS/Infrastructure Operations
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html