Re: OpenLDAP / SASL / Heimdal

[Andreas Haupt <andreas.haupt@hmi.de>]

Am Montag, 7. Juni 2004 15:02 schrieb Love:
> Andreas Haupt <andreas.haupt@hmi.de> writes:
> > Hello,
> >
> > I'm trying to setup OpenLDAP with SASL2 and Heimdal. When trying to
> > authenticate I get the following error in the log files:
> >
> > 2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for
> > ldap/ dice.hmi.de@HMI.DE
> > 2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for
> > ldap/ dice.hmi.de@HMI.DE
> > 2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects
> > request
> > 2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects
> > request
> > 2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
> > 2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
> >
> > I don't have a clue what this means and how I can avoid the
> > problem... Heimdal server is version 0.6 (SuSE 9.0).
>
> Can you but a breakpoint in krb5_domain_x500_decode() and print out the
> second argument tr (and that data stored in tr->data) ?
>
> If you don't know how to do this, I can send you the options you should
> build heimdal with and the commands in gdb.

Well, as I wrote in another posting it is related to a SuSE security 
update. I did not compile heimdal on my own. But if you want I can fetch 
the new source rpm an recompile it.

> Can you try to build heimdal-0.6.2 yourself and see if you still have
> the problem ?

I have a SuSE 9.1 box here with version 0.6.1rc3 installed (also SuSE 
package). Would it help you?

I actually don't want to compile it on my own here, because I want to take 
advantage of SuSE's security updates. But if they end in this way, I'm 
not so convinced of it any more...

> Love

Greetings
Andreas

-- 
| Andreas Haupt                    | E-Mail:  andreas.haupt@hmi.de
| Hahn-Meitner-Institut (DN)       | WWW:
| Glienicker Straße 100            | Phone:   +49/30/8062-2597
| 14109 Berlin                     | Fax:     +49/30/8062-2096