[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL proxy auth problem

Hi folks,

Thanks to Pierangelo's last reply, I now know what I suspected: that my consumer servers are configured to authenticate to their providers using SASL/GSSAPI, but that sometimes they don't do this, especially with proxy authorization. I've documented the entire install process:

   * OpenLDAP provider with MIT Kerberos V on Debian squeeze

   * OpenLDAP consumer with MIT Kerberos V on Debian squeeze

The last time I followed these instructions to the letter, proxy authorization worked. Now I've booted up the same machines again a few days later and it no longer works: the consumer still uses SASL to bind with the provider for replication, but it uses a SIMPLE bind for proxy authorization. Of course that results in an error. Yet, the configuration seems unchanged.

Has anyone else experienced this problem?



PS -- If anyone is interested, I can supply plenty of details. See also my post of 12/24/2010 03:25:51 AM CET with subject "No ProxyAuthz with SASL-GSSAPI?"