Failing at 1st test-the-SASL-server steps

Sean O'Malley omalleys at msu.edu
Fri Sep 5 11:14:31 EDT 2008


It is better in the fact that you are pretty sure you have a configuration
issue and you are connecting :)

You may need -u <username> for the client piece which corresponds to your
Kerberos principal.

You actually need '-s slapd' and a corresponding slapd.conf
in /usr/lib/sasl2/slapd.conf

that simply reads something like:
mech_list: GSSAPI

I can't find my notes atm, but that should give you a couple more
things to try.

On Fri, 5 Sep 2008, Ric wrote:

> Hi Sean,
>
> On Fri, 05 Sep 2008 06:33:47 -0700 Sean O'Malley <omalleys at msu.edu>
> wrote:
> >To test this you want to use cyrus_sasl_sample_client and
> >cyrus_sasl_sample_server in your case they emulate the ldap client
> >and ldap server.
>
> Yes, I understand that.  You may have missed, per my OP, that I
> _am_ using "cyrus_sasl_sample_server" ...
>
> >You really want something more along the lines of:
> >cyrus_sasl_sample_server -p 389 -s ldap -m GSSAPI
> >cyrus_sasl_sample_client -p 389 -s ldap -m GSSAPI localhost
>
>
> Ok, so port (-p) *is* port.  Thanks. That really is confusing in
> the 'examples' ...
>
> Trying this
>
>     cyrus_sasl_sample_client -p 389 -s ldap -m GSSAPI dirsvr.domain.com
>
> I no longer get the 'error' as before.  @ console, there's just no
> further output ... it just sits there.
>
> In syslog, all I see is:
>
>     Sep  5 06:43:40 auth slapd[29998]: conn=2 fd=11 ACCEPT from IP=10.0.1.16:55993 (IP=10.0.1.16:389)
>
> So, a different result, yes. But 'better'?  I'm not sure ...
>
> Ric
>

--------------------------------------
  Sean O'Malley, Information Technologist
  Michigan State University
-------------------------------------
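
A quick check for the config file described in the message above, as an added example that is not part of the original post or of Cyrus SASL: it parses a SASL config file in `option: value` form and reports whether `mech_list` includes a given mechanism. The function names and sample files are constructed for illustration, and comparing mechanism names case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print each mechanism named on a "mech_list:" line, upper-cased, one per line.
# Lines starting with '#' are comments. Returns 2 if the file is unreadable.
sasl_mech_list() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (tolower(substr(line, 1, 10)) != "mech_list:") next
            n = split(substr(line, 11), mechs, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (mechs[i] != "") print toupper(mechs[i])
        }
    ' "$1"
}

# Exit status: 0 = mech_list includes $2, 1 = mech_list set but lacks it,
# 2 = file unreadable, 3 = file has no mech_list line.
# Assumption: mechanism names are compared case-insensitively.
sasl_conf_offers() {
    want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    mechs=$(sasl_mech_list "$1") || return 2
    [ -n "$mechs" ] || return 3
    printf '%s\n' "$mechs" | grep -qxF -- "$want"
}

# Constructed sample files standing in for /usr/lib/sasl2/slapd.conf.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'mech_list: GSSAPI' > "$demo_dir/slapd.conf"
printf '%s\n' 'pwcheck_method: saslauthd' > "$demo_dir/other.conf"

for f in slapd.conf other.conf missing.conf; do
    rc=0
    sasl_conf_offers "$demo_dir/$f" GSSAPI || rc=$?
    case $rc in
        0) echo "$f: GSSAPI is in mech_list" ;;
        1) echo "$f: mech_list is set but does not include GSSAPI" ;;
        2) echo "$f: file missing or unreadable" ;;
        3) echo "$f: no mech_list line" ;;
    esac
done
rm -rf "$demo_dir"
```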
