--On Friday, February 27, 2009 1:39 PM -0600 Dan White <dwhite@xxxxxxx>
wrote:
Xavier Ambrosioni wrote:
Hi,
thank you for your help.
I solved my problem. The /etc/krb5.keytab file was not readable by
openLDAP daemon. Now everything is ok in local but when I tried
ldapsearch command in remote from my client (iMac running leopard
10.5.6) I get the following error:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI
Failure: gss_accept_sec_context
In the openldap log's file I can see:
Feb 27 18:04:20 passrlsrv slapd[9861]: SASL [conn=16] Failure: GSSAPI
Error: Miscellaneous failure (see text) (Decrypt integrity check
failedxt))
I've seen this sort of error using SASL/GSSAPI connections with cyrus-sasl
when linked against MIT kerberos. For a number of reasons, it has been my
strong opinion that people should only use a cyrus-sasl build linked
against Heimdal Kerberos with their OpenLDAP server build.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
