[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL/GSSAPI: ldap_sasl_interactive_bind_s: Local error (-2)

On Sun, Dec 14, 2008 at 11:31 AM, Michael StrÃder <michael@stroeder.com> wrote: 
Did you obtain a TGT before? What's the output of command klist?

Ciao, Michael.

I did obtain a TGT with kinit:

cameron@gimli:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: cameron@LOCAL

Valid starting     Expires            Service principal
12/14/08 00:40:14  12/14/08 10:40:14  krbtgt/LOCAL@LOCAL
    renew until 12/15/08 00:40:12

There is an entry for ldap/ldap.local@LOCAL in /etc/krb5.keytab, and openldap has permission to
read it, but it isn't giving me a ticket when I connect as various articles on the internet implied it should. Additionally,
strace-ing ldap didn't show it opening or reading the keytab (if it should), nor doing anything else SASL
related other than loading the libraries.

Cameron Harris