[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with SASL authentication and Kerberos

On Wed, 2004-04-07 at 13:39, Jeffrey Layton wrote:
> I have a rather odd situation with OpenLDAP, GSSAPI, and SASL. I
> recently changed my Kerberos KDC from MIT kerberos to Heimdal, and at
> the same time, changed my Kerberos realm name. Prior to this I had
> everything working fine.

With a hint, I figured out the problem. I had changed everything over
except for the reverse lookups in my DNS domain. Those still pointed
to the old domain. When I fixed that, the krbtgt request problem was
fixed. Moral of this story: DNS matters when dealing with LDAP/SASL/GSSAPI.

-- Jeff