Hi Howard,
Based on my logs, the problem doesn't seem to be in slapd (so I won't
bother you with my slapd.conf unless someone asks), but in saslauthd.
I tried running saslauthd in debug mode but unfortunately it is entirely
unhelpful.
saslauthd has nothing to do with GSSAPI authentication; it is only used
for plaintext password-based authentication mechanisms. It looks like
your slapd process doesn't have permission to read krb5.conf or its keytab.
My slapd is being run with -g openldap -u openldap, and
# ls -l /etc/krb5.conf /etc/ldap/ldap.keytab
-rw-r--r-- 1 root root 409 2006-11-15 10:47 /etc/krb5.conf
-rw-r----- 1 root openldap 188 2006-11-17 15:35 /etc/ldap/ldap.keytab
However, I'm not entirely sure how slapd knows it's supposed to use
/etc/ldap/ldap.keytab, is that configurable?
Thanks,
Michael
