* Quanah Gibson-Mount <quanah@stanford.edu> [030428 17:24]:
> Ben,
>
> We use SASL/GSSAPI with our OpenLDAP servers w/o problem.

Yes, so I've seen! :)

> I can give you the following suggestions:
>

Thanks for your suggestions. Thanks also for spotting the srvtab line
in my slapd.conf; that certainly had no business being there!

I modeled my slapd.conf sasl configs after yours and added the
KRB5_TKNAME variable to my start up file. I'm using the most permissive
ACLs possible right now until I get the authentication stuff working
properly.

Unfortunately with all of these changes I'm still seeing the same
problem:

[benp@thingone openldap]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
[benp@thingone openldap]$ /usr/local/heimdal/bin/klist
Credentials cache: FILE:/tmp/krb5cc_25022_XsJjpG
        Principal: benp@REED.EDU

  Issued           Expires          Principal
Apr 29 09:46:24  Apr 29 19:46:24  krbtgt/REED.EDU@REED.EDU
Apr 29 09:46:29  Apr 29 19:46:24  ldap/thingone.reed.edu@REED.EDU
[benp@thingone openldap]$

Ben
--
---------------------------------------------------------------------------
Ben Poliakoff email: <benp@reed.edu>
Reed College tel: (503)-788-6674
Unix System Administrator PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019