Hintermayer Johannes wrote:
> Hi all,
>
> currently I'm battling with FDS, Kerberos and SASL to get a working
> Single-Sign-On setup.
>
> At the moment I have a working Kerberos Realm to which I can
> successfully connect. I also have a working FDS with one user for
> testing purposes. Saslauthd is also configured and executing
> testsaslauthd is ok.
>
> But now I have problems to convince FDS to authenticate users via
> Kerberos. I have read
> http://directory.fedoraproject.org/wiki/Howto:Kerberos and
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165
> but I don't think it's that simple. At least it's not yet working for
> me.
>
> When I try to bind to FDS via GSSAPI the following error occurs:
>
> #klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: bsmith at AFB.LAN
>
> #ldapsearch -Y GSSAPI -D "uid=bsmith,ou=People,dc=afb,dc=lan" -v
> ldap_initialize( <DEFAULT> )
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-1): generic failure: GSSAPI Error:
> Miscellaneous failure (Permission denied)

Does the user that FDS runs as have read access to your keytab, /etc/krb5.keytab?

rob
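
One way to answer the keytab question above without switching users, as an added example that is not part of the original thread: it evaluates the classic owner/group/other mode bits on the keytab and on every directory above it for a given uid and group set. The function names are hypothetical, and POSIX ACLs and SELinux policy are not considered.

```python
import os
import stat

def mode_allows(st, uid, gids, bit):
    """Owner/group/other check; bit is 4 (read) or 1 (directory search)."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def check_keytab(path, uid, gids):
    """Return a list of findings; empty means readable and not over-exposed."""
    findings = []
    path = os.path.abspath(path)
    # Every directory above the keytab needs the search (x) bit for this user.
    parent = os.path.dirname(path)
    while True:
        if not mode_allows(os.stat(parent), uid, gids, 1):
            findings.append("cannot traverse " + parent)
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    st = os.stat(path)
    if not mode_allows(st, uid, gids, 4):
        findings.append("cannot read " + path)
    # A keytab holds long-term keys: making it world-readable would let the
    # server read it but also exposes the keys to every local account.
    if st.st_mode & stat.S_IROTH:
        findings.append("world-readable keytab " + path)
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    # Usage: script.py /etc/krb5.keytab <user the directory server runs as>
    keytab, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for finding in check_keytab(keytab, pw.pw_uid, gids) or ["ok"]:
        print(finding)
```

If the check reports that the server's user cannot read the file, granting access through the file's group (mode 0640) avoids the world-readable finding.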