[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

On Thu, 2012-01-26 at 18:40 -0500, Howard Chu wrote:
> Does kinit work for your chas@KRBTEST user? Judging from what you've pasted 
> here, I don't think it should. Get your basic Kerberos installation working 
> first. Take things one step at a time.

It does:

[chas@ldapsandbox log]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure.  Minor code may provide more information (Unknown code krb5
[chas@ldapsandbox log]$ kinit chas
Password for chas@KRBTEST: 
[chas@ldapsandbox log]$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: chas@KRBTEST
SASL installing layers
Result: Success (0)
[chas@ldapsandbox log]$ 

As I said, I think Kerberos and LDAP are all working on their own...it's
the combination of the two doing the SASL passthrough that is
confounding me.