SASL + Kerberos + OpenLDAP issue
Quanah Gibson-Mount
quanah at zimbra.com
Fri Feb 27 14:44:32 EST 2009
--On Friday, February 27, 2009 1:39 PM -0600 Dan White <dwhite at olp.net>
wrote:
> Xavier Ambrosioni wrote:
>> Hi,
>>
>> thank you for your help.
>> I solved my problem. The /etc/krb5.keytab file was not readable by
>> the OpenLDAP daemon. Now everything is OK locally, but when I tried
>> the ldapsearch command remotely from my client (an iMac running Leopard
>> 10.5.6) I get the following error:
>>
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-13): authentication failure: GSSAPI
>> Failure: gss_accept_sec_context
>>
>> In the OpenLDAP log file I can see:
>>
>> Feb 27 18:04:20 passrlsrv slapd[9861]: SASL [conn=16] Failure: GSSAPI
>> Error: Miscellaneous failure (see text) (Decrypt integrity check
>> failedxt))

I've seen this sort of error using SASL/GSSAPI connections with cyrus-sasl
when linked against MIT Kerberos. For a number of reasons, it has been my
strong opinion that people should only use a cyrus-sasl build linked
against Heimdal Kerberos with their OpenLDAP server build.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration