Re: errant SASL/GSSAPI setup?
--On Wednesday, August 30, 2006 10:19 AM -0400 "Allan E. Johannesen"
> I've been using rootdn passwords over TLS with slurpd and since switching
> to syncrepl. Seeing a posting by Quanah Gibson-Mount
> <firstname.lastname@example.org> some weeks ago about k5start and KRB5CCNAME, I was
> inspired to try to make the switch.
>
> I grabbed kstart-3.5 and installed it and installed a sasl-regexp in the
>
> So far, everything looks good. An update went through and the ldap
> ticket was established. However, after the ticket expires, a subsequent
> update does not take place and a new ldap ticket isn't obtained.

I'd take a look at why you haven't set up kstart to continually refresh the
ticket, so that it never expires... That's part of the point of using it.
See daemontools. Here is the ticket I use with daemontools to continually
keep the K5 ticket active.
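
# /service/k5start/run -- Run kstart to maintain our ticket for LDAP binds.
# $Id: run,v 1.2 2006/08/03 20:02:07 quanah Exp $
# -u/-i/-r: principal ldap/$HOSTNAME@stanford.edu, -f: keytab to authenticate from,
# -k: ticket cache to write, -l: ticket lifetime,
# -K 30: stay running, recheck every 30 minutes and get a new ticket before expiry.
exec /usr/bin/k5start -u ldap -i $HOSTNAME -r stanford.edu \
    -f /etc/krb5.keytab -k /var/run/ldap_syncreplica.tkt -l 10h -K 30
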
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
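
A companion health check for the failure described in this thread (the ticket expires and replication stops without notice), as an added example that is not part of the original message. It assumes the cache path from the run script above; the function name, status words and the `KLIST` override are hypothetical, and it relies on `klist -s` exiting non-zero when the cache is unreadable or expired.

```shell
#!/bin/sh
# Added example: verify the ticket cache that k5start maintains for syncrepl.
# Assumed default path, taken from the run script in the message above.
CACHE="${CACHE:-/var/run/ldap_syncreplica.tkt}"
# klist binary to call; overridable so the check can be exercised offline.
KLIST="${KLIST:-klist}"

# check_ticket CACHE
# Prints one status line and returns:
#   0 OK                cache exists and holds unexpired credentials
#   1 MISSING           k5start never wrote the cache, or it was removed
#   2 EXPIRED           klist -s reports no valid credentials
#   3 WORLD-ACCESSIBLE  other local users could read or replace the ticket
check_ticket() {
    cache=$1
    if [ ! -f "$cache" ]; then
        echo "MISSING $cache"
        return 1
    fi
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    world=$(ls -ld "$cache" | cut -c8-10)
    if [ "$world" != "---" ]; then
        echo "WORLD-ACCESSIBLE $cache"
        return 3
    fi
    # -s: silent, exit status only; -c: name the cache to inspect.
    if ! "$KLIST" -s -c "$cache"; then
        echo "EXPIRED $cache"
        return 2
    fi
    echo "OK $cache"
}

# Run only when a cache path is given on the command line, for example
# from cron or a monitoring agent: check_ticket.sh "$CACHE"
if [ "$#" -gt 0 ]; then
    check_ticket "$1"
fi
```

A non-zero exit while the k5start service is reported as running points at the keytab, the KDC or the cache path rather than at slapd.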