[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL added principles to Kerberos cache but returned error.

--On Thursday, June 03, 2004 10:06 PM +0800 The Shell <samwun@hgcbroadband.com> wrote:


I just tested SASL 2.1.18, change the host and service name to be the
same name during the testing of the sample client and server, it actually
added the new principles to the kerberos cache (running Heimdal Kerberos
5, the latest version as I downloaded today).
The klist shown the following new principles had been added to the
kerberos cache:

root@fbsd [7:26pm] [...cyrus-sasl-2.1.18/sample]# klist
Credentials cache: FILE:/tmp/krb5cc_0
       Principal: sam@ROCK.COM

 Issued           Expires          Principal               Jun  3
17:17:53  Jun  3 23:57:53  krbtgt/ROCK.COM@ROCK.COM  Jun  3 17:18:53  Jun
3 23:57:53  host/fbsd.rock.com@ROCK.COM
Jun  3 18:46:25  Jun  3 23:57:53  root/fbsd.rock.com@ROCK.COM
Jun  3 19:15:24  Jun  3 23:57:53  sam/fbsd.rock.com@ROCK.COM

The last three Principals were added during the test of sample client and
server in Cyrul-sasl 2.1.18.
But but the test still returned error such as:
lt-sample-client: SASL Other: GSSAPI Error:  A token was invalid (Unknown
error: 0)
lt-sample-client: Performing SASL negotiation: generic failure

What should I do to fix this problem? I m afraid this will bring in other
problem when I further configure OpenLdap.


Until you fully get cyrus-sasl working, you need to move your discussion to the list dedicated to answering questions about problems with Cyrus-SASL. This list is purposed to OpenLDAP, not Cyrus-SASL.



For more information.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html