Problem authenticating to OpenLDAP via GSSAPI

Michael Goetze mgoetze at mgoetze.net
Wed Nov 22 23:09:33 EST 2006


Hi Howard,

>> Based on my logs, the problem doesn't seem to be in slapd (so I won't
>> bother you with my slapd.conf unless someone asks), but in saslauthd.
>> I tried running saslauthd in debug mode but unfortunately it is entirely
>> unhelpful.
>>
> saslauthd has nothing to do with GSSAPI authentication; it is only used 
> for plaintext password-based authentication mechanisms. It looks like 
> your slapd process doesn't have permission to read krb5.conf or its keytab.

My slapd is being run with -g openldap -u openldap, and

# ls -l /etc/krb5.conf /etc/ldap/ldap.keytab
-rw-r--r-- 1 root root     409 2006-11-15 10:47 /etc/krb5.conf
-rw-r----- 1 root openldap 188 2006-11-17 15:35 /etc/ldap/ldap.keytab

However, I'm not entirely sure how slapd knows it's supposed to use 
/etc/ldap/ldap.keytab, is that configurable?

Thanks,
Michael


More information about the Cyrus-sasl mailing list