More information:
I can kinit to realm A, and then use ldapsearch -Y GSSAPI to access the ldap directory in realm A.
I cannot kinit to realm B, and then use ldapsearch -Y GSSAPI to access
the ldap directory in realm A. (Even though there's a trust between the
realms B and A)
However, I can first kinit to B, use kvno to manually get a ticket for
the ldap directory in realm A (kvno ldap/domainA@realmA), and then use
ldapsearch -Y GSSAPI to access the ldap directory in realm A.
Another nugget of information is that the ldapsearch that comes
standard with my linux box (Fedora) works fine. I kinit to realm B,
ldapsearch on realm A, and it all works. But when I create my own
ldapsearch with (heimdal, cyrus-sasl, openldap) I run into the above
problem. I can't think of what I could be doing wrong though.
Any ideas?
- Jeremiah
inlovewithGod@gmail.com
On 9/24/05,
Buck Huppmann <buckh@pobox.com
> wrote:On Fri, Sep 23, 2005 at 11:13:44AM -0400, Jeremiah Martell wrote:
> Buck,
>
> Thanks again.
>
> I will definitely try what you suggested. I do have a copy of kinit and
> klist on my Linux box. However, I noticed that I can't find the kinit and
> klist that is built by heimdal. I've looked in the install directory I gave
> heimdal's configure, but it's not there. Am I missing something?
sorry. can't help you there, unless you have a log of your build
process and config.log and config.status