Re: OpenLDAP / SASL / Heimdal
On Monday, 7 June 2004 12:42, Andreas Haupt wrote:
> Hello,
>
> I'm trying to set up OpenLDAP with SASL2 and Heimdal. When trying to
> authenticate I get the following error in the log files:
>
> 2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for ldap/dice.hmi.de@HMI.DE
> 2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for ldap/dice.hmi.de@HMI.DE
> 2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects request
> 2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects request
> 2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
> 2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
>
> I don't have a clue what this means and how I can avoid the problem...
> Heimdal server is version 0.6 (SuSE 9.0).
It seems this is related to the latest security update done by SuSE. After
downgrading I got another (not so cryptic) error:

blh@dice:~> ldapsearch -x -H ldap://dice.hmi.de/ -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI

blh@dice:~> ldapwhoami -H ldap://dice.hmi.de/ -D "cn=dice,dc=hmi,dc=de" -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

blh@dice:~> klist
Credentials cache: FILE:/tmp/krb5cc_10296
        Principal: blh@HMI.DE

  Issued           Expires          Principal
Jun  7 13:07:21  Jun  8 14:07:21  krbtgt/HMI.DE@HMI.DE
Jun  7 13:32:38  Jun  8 14:07:21  ldap/dice.hmi.de@HMI.DE
blh@dice:~>

So I got a ticket. The rest is hopefully not complicated...
Greetings
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@hmi.de
| Hahn-Meitner-Institut (DN) | WWW:
| Glienicker Straße 100 | Phone: +49/30/8062-2597
| 14109 Berlin | Fax: +49/30/8062-2096
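
Added example (not part of the original post and not Heimdal code): a Python script that scans a KDC log in the format quoted above and reports which ticket request a "KDC policy rejects request" message belongs to. It assumes the rejection line refers to the most recent request line and that consecutive identical lines are duplicated log output; the second request in the sample is constructed.

```python
import re
from collections import Counter

# Constructed sample: the rejected request from the post (unwrapped, logged
# twice as in the post) followed by a made-up request that succeeds.
SAMPLE_LOG = """\
2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for ldap/dice.hmi.de@HMI.DE
2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for ldap/dice.hmi.de@HMI.DE
2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects request
2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects request
2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
2004-06-07T11:50:12 TGS-REQ alice@EXAMPLE.ORG from IPv4:192.0.2.10 for host/srv.example.org@EXAMPLE.ORG
2004-06-07T11:50:12 sending 640 bytes to IPv4:192.0.2.10
"""

REQ = re.compile(r"^(\S+) (AS-REQ|TGS-REQ) (\S+) from (\S+) for (\S+)$")
REPLY = re.compile(r"^\S+ sending \d+ bytes to (\S+)$")
REJECT = "KDC policy rejects request"


def rejected_requests(log_text):
    """Return one dict per request whose processing logged a policy rejection."""
    findings, current, previous = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == previous:  # drop blank and doubled lines
            continue
        previous = line
        m = REQ.match(line)
        if m:
            ts, kind, client, addr, service = m.groups()
            current = {"time": ts, "type": kind, "client": client,
                       "from": addr, "service": service, "reason": None}
        elif current and REJECT in line:
            # Assumption: the message belongs to the latest request line.
            current["reason"] = line.split(" ", 1)[1]
        elif current and REPLY.match(line):
            if current["reason"]:
                findings.append(current)
            current = None  # the reply closes the request
    return findings


def rejections_by_service(log_text):
    """Count rejected requests per service principal."""
    return Counter(f["service"] for f in rejected_requests(log_text))
```

Counting per service principal shows whether the rejections are confined to one service, such as the ldap/ principal here, or affect every ticket request after a KDC update.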