Problem authenticating to OpenLDAP via GSSAPI
Michael Goetze
mgoetze at mgoetze.net
Wed Nov 22 23:09:33 EST 2006
Hi Howard,
>> Based on my logs, the problem doesn't seem to be in slapd (so I won't
>> bother you with my slapd.conf unless someone asks), but in saslauthd.
>> I tried running saslauthd in debug mode but unfortunately it is entirely
>> unhelpful.
>>
> saslauthd has nothing to do with GSSAPI authentication; it is only used
> for plaintext password-based authentication mechanisms. It looks like
> your slapd process doesn't have permission to read krb5.conf or its keytab.
My slapd is being run with -g openldap -u openldap, and
# ls -l /etc/krb5.conf /etc/ldap/ldap.keytab
-rw-r--r-- 1 root root 409 2006-11-15 10:47 /etc/krb5.conf
-rw-r----- 1 root openldap 188 2006-11-17 15:35 /etc/ldap/ldap.keytab
However, I'm not entirely sure how slapd knows it's supposed to use
/etc/ldap/ldap.keytab, is that configurable?
Thanks,
Michael
More information about the Cyrus-sasl
mailing list