ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

Dan White dwhite at olp.net
Fri Aug 15 21:39:02 EDT 2008


Chavez, James R. wrote:
> Hello all,
> I am trying to run an ldapwhami on a client box and I receive this
> message. 
> #ldapwhoami
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available: No worthy
> mechs found.
>
> On my LDAP server I get the correct messages such as..
>
> # ldapwhoami
> SASL/GSSAPI authentication started
> SASL username: firs_last at TEST.EXAMPLE.COM
> SASL SSF: 56
> SASL installing layers
> dn:uid=first_last,cn=gssapi,cn=auth
> Result: Success (0)
>
>
>
> I have read the Cyrus-SASL Administartor's guide but I must admit I am a
> bit lost. How can I make the CYRUS GSSAPI work between client and
> server. Do I need to set the SASL_MECH somewhere? If so where? 
>   

You may be missing the GSSAPI mechanism on your client system.

To verify, try running 'pluginviewer'. If you don't see GSSAPI listed, 
you're probably missing the shared library, or don't have it installed 
correctly.

To force the openldap client tools to use a specific mechanism, use the 
'-Y' command line option:

ldapwhoami -Y GSSAPI

To verify that the server is making the GSSAPI mechanism available (over 
the transport you're using), try:

ldapsearch -x -H -LLL -s "base" -b "" supportedSASLMechanisms

- Dan


More information about the Cyrus-sasl mailing list