As part of my quest to get OpenLDAP to authenticate via Kerberos, I'm
following the steps (roughly) here:
https://help.ubuntu.com/community/Kerberos
I'm stuck at the bit where the SASL installation is tested with the
sample server and client. I'm using the version included in Ubuntu
10.04.2: 2.1.23.
Here's what happens:
$ sasl-sample-server -m GSSAPI -s ldap
Forcing use of mechanism GSSAPI
Sending list of 1 mechanism(s)
S: R1NTQVBJ
Waiting for client mechanism...
meanwhile... (the S:... i've pasted)
$ sasl-sample-client -s ldap -n thebe.bitglue.com -u bob
service=ldap
Waiting for mechanism list from server...
S: R1NTQVBJ
sasl-sample-client: Decoding data from base64: another step is needed in
authentication
I've also tried not forcing GSSAPI:
$ sasl-sample-server -s ldap
Generating client mechanism list...
Sending list of 7 mechanism(s)
S: R1NTQVBJIE5UTE0gRElHRVNULU1ENSBMT0dJTiBQTEFJTiBBTk9OWU1PVVMgQ1JBTS1NRDU=
Waiting for client mechanism...
$ sasl-sample-client -s ldap -u bob
service=ldap
Waiting for mechanism list from server...
S: R1NTQVBJIE5UTE0gRElHRVNULU1ENSBMT0dJTiBQTEFJTiBBTk9OWU1PVVMgQ1JBTS1NRDU=
sasl-sample-client: Decoding data from base64: bad protocol / cancel
It seems to me that if it can't even get past sending the list of
mechanisms I must be doing something very wrong, but I have no idea
what. Can anyone please provide a hint?