[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: gssapi service principal



--On Wednesday, November 30, 2005 6:25 AM -0600 Alex Moore <asmoore@edge.net> wrote:

Does slapd or sasl build the kerberos5 service principle?

On Solaris, I am getting a service principal without the fully
qualified domain name.  Like ldap/hostname@MY.REALM, instead of
ldap/hostname.openldap.org@MY.REALM

I would imagine there is something wrong with your kerberos configuration then.

Mine are all correctly defined:

tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046_fUj222
Default principal: quanah@stanford.edu

Valid starting Expires Service principal
11/29/05 09:41:34 11/30/05 10:41:33 krbtgt/stanford.edu@stanford.edu
11/29/05 10:58:16 11/30/05 10:41:33 host/ldap-test0.stanford.edu@stanford.edu
11/29/05 12:04:26 11/30/05 10:41:33 host/ldap-dev0.stanford.edu@stanford.edu
11/29/05 12:13:36 11/30/05 10:41:33 host/ldap-dev1.stanford.edu@stanford.edu
11/29/05 12:38:08 11/30/05 10:41:33 host/ldap-dev2.stanford.edu@stanford.edu
11/29/05 15:51:56 11/30/05 10:41:33 host/ldap-dev3.stanford.edu@stanford.edu
11/29/05 17:06:47 11/30/05 10:41:33 ldap/ldap9.stanford.edu@stanford.edu
11/29/05 17:07:02 11/30/05 10:41:33 ldap/ldap8.stanford.edu@stanford.edu
11/29/05 17:11:09 11/30/05 10:41:33 ldap/ldap4.stanford.edu@stanford.edu
11/29/05 17:12:56 11/30/05 10:41:33 ldap/ldap5.stanford.edu@stanford.edu
11/29/05 17:19:38 11/30/05 10:41:33 ldap/ldap-dev0.stanford.edu@stanford.edu
11/29/05 17:51:50 11/30/05 10:41:33 ldap/ldap-dev2.stanford.edu@stanford.edu
11/29/05 18:24:53 11/30/05 10:41:33 ldap/ldap-dev1.stanford.edu@stanford.edu
11/29/05 22:06:23 11/30/05 10:41:33 host/ldap9.stanford.edu@stanford.edu


--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html