Re: Cannot start kerberos signing/sealing when using TLS/SSL
Jeremiah Martell wrote:
> I'm using openldap, cyrus-sasl, heimdal, and openssl.
> And apparently they are all working correctly.
> I use the standard kerberos "kinit" tool to get my TGT, this is successful.
> I use the standard openldap "ldapsearch" tool to attempt to do a
> LDAP+GSSAPI over TLS (cert level "demand") search, and I get two
> The first error is an "inappropriate auth", which seems to come from openldap.
> The second error is "Cannot start kerberos signing/sealing when using
> TLS/SSL", which seems to come from GSSAPI-land.
> - This fails against Windows 2003 AD.

Questions about why Microsoft AD is broken belong in a Microsoft forum.

> - But succeeds against a BSD box running an openldap server.

-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/