Re: OpenLDAP + Kerberos on FreeBSD 7.2, close to working but not quite
I have both those files, however, not sure if the permissions are set correctly:
frisbee# ls -l /etc/krb5*
-rw-r--r-- 1 root wheel 128 Aug 7 14:09 /etc/krb5.conf
-rw------- 1 root wheel 286 Aug 7 16:01 /etc/krb5.keytab
As far as the keytab file goes, I used this to create it:
frisbee# kadmin -l
kadmin> ext ldap/frisbee.crazy.lan
Just to clarify, ldap and kerberos are running on the same machine (frisbee.crazy.lan).
Also, here are the contents of krb5.conf, just to catch any errors you may find:
frisbee# cat /etc/krb5.conf
default_realm = CRAZY.LAN
kdc = 0/FILE:/var/log/kdc.log
kdc = 1-/SYSLOG:INFO:USER
default = STDERR
I have the proper DNS settings for kerberos, here's my BIND setup:
frisbee IN A 192.168.1.5
_kerberos._udp IN SRV 01 00 88 frisbee.crazy.lan.
_kerberos._tcp IN SRV 01 00 88 frisbee.crazy.lan.
_kpasswd._udp IN SRV 01 00 464 frisbee.crazy.lan.
_kerberos-adm._tcp IN SRV 01 00 749 frisbee.crazy.lan.
_kerberos IN TXT CRAZY.LAN
On Tue, Aug 11, 2009 at 4:42 PM, Howard Chu <email@example.com>
These usually are dynamically loaded by libsasl2, so they would never be directly linked into the slapd (or any other) binaries.
Dieter Kluenter wrote:
Seems like slapd is linked to gssapi and sasl. Are there simply command line
options I'm missing to start up slapd?
frisbee# ldd /usr/local/libexec/slapd
libldap_r-2.4.so.6 => /usr/local/lib/libldap_r-2.4.so.6 (0x2820b000)
liblber-2.4.so.6 => /usr/local/lib/liblber-2.4.so.6 (0x28250000)
libdb-4.6.so.0 => /usr/local/lib/libdb-4.6.so.0 (0x2825d000)
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28385000)
libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x2839c000)
These seem to be different libraries than the sasl libraries, as below:
Most likely the gssapi plugin is not initializing itself, maybe because there is no krb5.conf file, or because there is no keytab with slapd's key inside, or the files are not readable by slapd, etc...
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
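
The reply above names a missing or unreadable krb5.conf or keytab as a likely reason the GSSAPI plugin does not initialize. The following is an added example (not from the thread or from OpenLDAP) that decides from the mode bits whether a given numeric uid/gid can read each file. It assumes slapd runs under an unprivileged account; the account name in the usage comment is a placeholder, and ACLs and supplementary groups are ignored.

```shell
#!/bin/sh
# Added example: can a given account read the Kerberos files slapd needs?
# Uses classic mode bits only; ACLs and supplementary groups are ignored.

# can_read FILE UID GID -> 0 readable, 1 not readable, 2 file missing
can_read() {
    file=$1 uid=$2 gid=$3
    [ -e "$file" ] || return 2
    if [ "$uid" -eq 0 ]; then return 0; fi     # root bypasses mode bits
    # ls -ldn prints: mode, link count, numeric owner, numeric group, ...
    set -- $(ls -ldn "$file" | awk '{print $1, $3, $4}')
    mode=$1 f_uid=$2 f_gid=$3
    if [ "$uid" -eq "$f_uid" ]; then
        pos=2                                   # owner read bit
    elif [ "$gid" -eq "$f_gid" ]; then
        pos=5                                   # group read bit
    else
        pos=8                                   # other read bit
    fi
    [ "$(printf '%s' "$mode" | cut -c"$pos")" = "r" ]
}

# report_gssapi_files UID GID [CONF] [KEYTAB]
# Prints one line per file; returns how many files the account cannot use.
report_gssapi_files() {
    r_uid=$1 r_gid=$2 bad=0
    for f in "${3:-/etc/krb5.conf}" "${4:-/etc/krb5.keytab}"; do
        rc=0
        can_read "$f" "$r_uid" "$r_gid" || rc=$?
        case $rc in
            0) echo "ok:         $f" ;;
            2) echo "missing:    $f"; bad=$((bad + 1)) ;;
            *) echo "unreadable: $f (uid $r_uid, gid $r_gid)"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Usage (account name "ldap" is an assumption, substitute slapd's user):
#   sh check_krb_files.sh "$(id -u ldap)" "$(id -g ldap)"
if [ $# -ge 2 ]; then
    report_gssapi_files "$@"
fi
```

With the listing shown in the post (/etc/krb5.keytab at -rw------- root wheel), any non-root uid is reported as unreadable for the keytab, while the world-readable krb5.conf passes.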