[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenLDAP / SASL / Heimdal



Andreas Haupt wrote:

>Am Montag, 7. Juni 2004 15:02 schrieb Love:
>  
>
>>Andreas Haupt <andreas.haupt@hmi.de> writes:
>>    
>>
>>>Hello,
>>>
>>>I'm trying to setup OpenLDAP with SASL2 and Heimdal. When trying to
>>>authenticate I get the following error in the log files:
>>>
>>>2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for
>>>ldap/ dice.hmi.de@HMI.DE
>>>2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for
>>>ldap/ dice.hmi.de@HMI.DE
>>>2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects
>>>request
>>>2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects
>>>request
>>>2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
>>>2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
>>>
>>>I don't have a clue what this means and how I can avoid the
>>>problem... Heimdal server is version 0.6 (SuSE 9.0).
>>>      
>>>
>>Can you but a breakpoint in krb5_domain_x500_decode() and print out the
>>second argument tr (and that data stored in tr->data) ?
>>
>>If you don't know how to do this, I can send you the options you should
>>build heimdal with and the commands in gdb.
>>    
>>
>
>Well, as I wrote in another posting it is related to a SuSE security 
>update. I did not compile heimdal on my own. But if you want I can fetch 
>the new source rpm an recompile it.
>
>  
>
>>Can you try to build heimdal-0.6.2 yourself and see if you still have
>>the problem ?
>>    
>>
>
>I have a SuSE 9.1 box here with version 0.6.1rc3 installed (also SuSE 
>package). Would it help you?
>
>I actually don't want to compile it on my own here, because I want to take 
>advantage of SuSE's security updates. But if they end in this way, I'm 
>not so convinced of it any more...
>
>  
>
This is an endless process, you can't catch up all the fix in your whole 
life. Make a regular update will be fine.

sam