Hintermayer Johannes wrote:
Hi all, currently I'm battling with FDS, Kerberos and SASL to get a working Single-Sign-On setup. At the moment I have a working Kerberos Realm to which I can successfully connect. I also have a working FDS with one user for testing purposes. Saslauthd is also configured and executing testsaslauthd is ok. But now I have problems convincing FDS to authenticate users via Kerberos. I have read http://directory.fedoraproject.org/wiki/Howto:Kerberos and http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165 but I don't think it's that simple. At least it's not yet working for me.

When I try to bind to FDS via GSSAPI the following error occurs:

#klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: bsmith@xxxxxxx

#ldapsearch -Y GSSAPI -D "uid=bsmith,ou=People,dc=afb,dc=lan" -v
ldap_initialize( <DEFAULT> )
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Permission denied)

Does the user that FDS runs as have read access to your keytab, /etc/krb5.keytab?
rob
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
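
Added example (not part of the original thread): a shell check for the question raised in the reply, deciding from owner, group and mode bits whether a given account can read the keytab. The function names are hypothetical, GNU stat is assumed, and POSIX ACLs, SELinux and parent-directory permissions are not evaluated.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# read_class UID "GID LIST" FILE_UID FILE_GID OCTAL_MODE
# Applies Unix permission-class rules: exactly one class (owner, group,
# other) is consulted, and the owner class wins even if it is stricter.
# Prints the class that grants read, or "denied"; returns 0 or 1.
read_class() {
    uid=$1 gids=$2 f_uid=$3 f_gid=$4 perm=$((0$5))
    if [ "$uid" -eq 0 ]; then
        echo root; return 0          # root bypasses mode bits
    fi
    if [ "$uid" -eq "$f_uid" ]; then
        class=owner; bit=$((perm & 0400))
    else
        class=other; bit=$((perm & 0004))
        for g in $gids; do
            if [ "$g" -eq "$f_gid" ]; then
                class=group; bit=$((perm & 0040)); break
            fi
        done
    fi
    if [ "$bit" -ne 0 ]; then
        echo "$class"; return 0
    fi
    echo denied; return 1
}

# keytab_readable_by FILE USER
# Looks up the real ids and mode, then applies read_class.
# Returns 2 when the file or the account does not exist.
keytab_readable_by() {
    [ -e "$1" ] || { echo missing; return 2; }
    k_uid=$(id -u "$2" 2>/dev/null) || { echo unknown-user; return 2; }
    k_gids=$(id -G "$2")
    # stat prints "owner-uid owner-gid octal-mode", e.g. "0 0 600"
    read_class "$k_uid" "$k_gids" $(stat -c '%u %g %a' "$1")
}

# Usage: sh check_keytab.sh /etc/krb5.keytab <account the server runs as>
if [ $# -eq 2 ]; then
    keytab_readable_by "$1" "$2"
fi
```

A result of "other" means the keytab is world-readable, which exposes the service's long-term keys to every local account; prefer granting access through ownership or a dedicated group.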