[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using Heimdal Kerberos with OpenLDAP and Windows

To: heimdal <heimdal-discuss@sics.se>
Subject: Using Heimdal Kerberos with OpenLDAP and Windows
From: Dave Snoopy <kingsnoopy7@yahoo.com>
Date: Mon, 24 Jun 2002 11:31:46 -0700 (PDT)
Sender: owner-heimdal-discuss@sics.se

Hi,

Up until recently, I have been using OpenLDAP's
ldapsearch tool with MIT Kerberos to do secure LDAP
queries against Active Directory. This has worked
fine. However, recently I decided to switch to Heimdal
Kerberos. I recompiled Cyrus SASL and OpenLDAP with
Heimdal Kerberos with no problems. When I now run my
query though (after doing a kinit), I get this error:

ldap_sasl_interactive_bind_s: Local error (82)
        additional info: SASL(-1): generic failure:
GSSAPI Error:  Miscellaneous failure (see text) (KDC
has no support for checksum type)

I can see on my network that Heimdal is sending out a
TGS-REQ, and my Windows KDC is responding with the
error KRB5KDC_ERR_SUMTYPE_NOSUPP. My guess is that I
need to put something special in my Heimdal krb5.conf
file to make this work. Any suggestions?

As a side note, when using ldapsearch with MIT
Kerberos authentication, there is no explicit TGS-REQ
made that I can see on the network. ldapsearch just
goes immediately into its bind process (via Cyrus
SASL).

Thanks,
Dave

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Prev by Date: Re: Configuration: ldap-database
Next by Date: Interoperability with MIT client using afs3-salt
Prev by thread: Re: init REALM with backend ldap
Next by thread: Interoperability with MIT client using afs3-salt
Index(es):
- Date
- Thread