
Re: Trying to get passthrough auth working with OpenLDAP and Kerberos



On Thu, 2012-01-26 at 18:40 -0500, Howard Chu wrote:
> Does kinit work for your chas@KRBTEST user? Judging from what you've pasted 
> here, I don't think it should. Get your basic Kerberos installation working 
> first. Take things one step at a time.

It does:

[chas@ldapsandbox log]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Unknown code krb5 195)
[chas@ldapsandbox log]$ kinit chas
Password for chas@KRBTEST: 
[chas@ldapsandbox log]$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: chas@KRBTEST
SASL SSF: 56
SASL installing layers
dn:uid=chas,ou=people,dc=test,dc=com
Result: Success (0)
[chas@ldapsandbox log]$ 

As I said, I think Kerberos and LDAP are all working on their own...it's
the combination of the two doing the SASL passthrough that is
confounding me.