Michael Goetze wrote:
Hi,
I'm trying to authenticate to OpenLDAP using the libsasl2-gssapi-mit
Debian package. So I wrote in /etc/default/saslauthd:
Here is what happens:
----- Shell Session --------------------------------
% klist -5
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: mgoetze@xxxxxxxxxxxxxxxxxxxx
Valid starting     Expires            Service principal
11/17/06 19:43:27  11/18/06 05:43:27  krbtgt/KERBEROS.MGOETZE.NET@xxxxxxxxxxxxxxxxxxxx
        renew until 11/18/06 19:43:24
% ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Permission denied)

Based on my logs, the problem doesn't seem to be in slapd (so I won't
bother you with my slapd.conf unless someone asks), but in saslauthd.
I tried running saslauthd in debug mode but unfortunately it is entirely
unhelpful.
Can anyone tell me what I'm doing wrong, or at least how to get saslauthd
to tell me what I'm doing wrong?

saslauthd has nothing to do with GSSAPI authentication; it is only used
for plaintext password-based authentication mechanisms. It looks like
your slapd process doesn't have permission to read krb5.conf or its keytab.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
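
Added example, not part of the original thread: a mode-bit check that reports which path component stops a given account from reading krb5.conf or the keytab, the cause suggested in the reply above. The account name `openldap`, the default paths `/etc/krb5.conf` and `/etc/krb5.keytab`, and the helper names are assumptions; ACLs, AppArmor and SELinux are not modelled.

```python
import os
import pwd
import sys
from pathlib import Path

def _allowed(st, uid, gids, want):
    """Classic Unix mode-bit check; want is 4 (read) or 1 (search)."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        shift = 6                        # owner class
    elif st.st_gid in gids:
        shift = 3                        # group class
    else:
        shift = 0                        # other class
    return bool((st.st_mode >> shift) & want)

def first_denied(path, uid, gids, base="/"):
    """Return the first path component that blocks uid, or None if readable.

    The walk starts at base; only mode bits are evaluated.
    """
    path, base = Path(path).resolve(), Path(base).resolve()
    dirs = [p for p in list(path.parents)[::-1]
            if p == base or base in p.parents]
    for d in dirs:                       # every directory needs search (x)
        if not _allowed(os.stat(d), uid, gids, 1):
            return str(d)
    if not _allowed(os.stat(path), uid, gids, 4):
        return str(path)                 # the file itself needs read (r)
    return None

if __name__ == "__main__":
    # Assumed defaults: slapd runs as "openldap"; MIT default file locations.
    user = sys.argv[1] if len(sys.argv) > 1 else "openldap"
    files = sys.argv[2:] or ["/etc/krb5.conf", "/etc/krb5.keytab"]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for f in files:
        try:
            blocker = first_denied(f, pw.pw_uid, gids)
        except FileNotFoundError:
            blocker = f + " (missing)"
        print(f"{f}: {'ok' if blocker is None else 'blocked at ' + blocker}")
```

If the keytab is reported as blocked, grant read access to the slapd account only (for example through a dedicated group) rather than making the keytab world-readable, since it holds the service's long-term keys.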