[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncreply & sasl (gssapi)





--On Tuesday, May 30, 2006 4:31 PM +0200 Bernd Schubert <bernd.schubert@pci.uni-heidelberg.de> wrote:

Hi,

if I run on the failover system 'kinit ldapadmin-h2' syncreply works -
until  the ticket experies. After the ticket is expired or if I didn't
get a ticket  via kinit, syncreply fails.
How can I make slapd to get a ticket itself?

syncrepl rid=123
                provider=ldap://hamilton1.pci.uni-heidelberg.de
                type=refreshOnly
                interval=00:00:01:00
                schemachecking=off
                updatedn="uid=ldapadmin-h2,cn=gssapi,cn=auth"
                bindmethod=sasl saslmech=GSSAPI
                authcId=host/hamilton2.pci.uni-heidelberg.de
#               credentials=XXXXXXXXX

I tried to give the password using credentials=password_in_cleartext, but
it  didn't help.

The slapd version is from debian sarge (2.2.23).

This question is not specific to OpenLDAP, but instead to kerberos in general.


I suggest using kstart:

<http://www.eyrie.org/~eagle/software/kstart/>

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html