GSSAPI / SASL problems of sasl2-bin on Ubuntu 10.04.4

Dan White dwhite at olp.net
Wed Jul 11 09:58:53 EDT 2012


On 07/11/12 16:01 +0800, John/SML wrote:
>Hi Dan,
>
>When I check the Kerberos messages, TGS-REP shows :-
>
>TGS-REP
>Client realm : SML.CITIZEN.CO.JP
>Client name (Principal): host/imapsv04.sml.citizen.co.jp
>Name-type: Principal(1)
>Name: host
>Name: imapsv04.sml.citizen.co.jp

1. What command or event was occurring while this was captured?
2. Are the KDC and OpenLDAP servers the same in both cases (is it just the
client that has changed)?
3. What ldapwhoami command are you using (please include all command line
options)?

host/<hostname> is standard for operations performed while running as root
on a given host. If this was generated while performing an ldapwhoami, then
your klist should show:

#~ klist
Credentials cache: FILE:/tmp/krb5cc_0
         Principal: host/imapsv04.sml.citizen.co.jp@SML.CITIZEN.CO.JP

   Issued           Expires          Principal
...

What service ticket was in the corresponding TGS-REQ? Was there a request
for a ldap/a.b.c@B.C ticket? Does it exist in your KDC database?

>On the working system (Heimdal 1.0.1 + SASL 2.1.22), the TGS-REP should be my
>Kerberos principal :-
>
>TGS-REP
>Client realm : SML.CITIZEN.CO.JP
>Client name (Principal): john
>Name-type: Principal(1)
>Name: john
>Ticket : ......
>       Server name (service and host): ldap/tunis.pvd.citizen.co.jp
>.....

-- 
Dan White
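
The following is an added example, not part of Dan White's message or of Cyrus SASL: shell helpers that read Heimdal-style `klist` text (the layout shown in the message) and answer the two questions raised above, namely which client principal owns the cache and whether an ldap/ service ticket is present. The function names and the ticket lines in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect Heimdal-style `klist` output read from stdin.

# Constructed sample, not captured from the poster's system; the ticket
# line and its times are made up. Only a krbtgt ticket is present.
sample_klist() {
cat <<'EOF'
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: host/imapsv04.sml.citizen.co.jp@SML.CITIZEN.CO.JP

  Issued           Expires          Principal
Jul 11 09:00:00  Jul 11 19:00:00  krbtgt/SML.CITIZEN.CO.JP@SML.CITIZEN.CO.JP
EOF
}

# Print the client principal that owns the cache (the "Principal:" header).
cache_principal() {
    awk '$1 == "Principal:" { print $2; exit }'
}

# Print "host" for a host/ client principal, "user" for anything else,
# "none" when no principal header was found.
principal_kind() {
    case "$(cache_principal)" in
        host/*) echo host ;;
        "")     echo none ;;
        *)      echo user ;;
    esac
}

# Print tickets whose service principal starts with "$1/" (e.g. ldap).
# Exit status is 1 when the cache holds no such ticket.
service_tickets() {
    awk -v svc="$1/" '
        seen && index($NF, svc) == 1 { print $NF; found = 1 }
        $1 == "Issued" { seen = 1 }   # ticket rows follow this header
        END { exit !found }'
}

# Demonstration on the constructed sample.
echo "client principal kind: $(sample_klist | principal_kind)"
sample_klist | service_tickets ldap || echo "no ldap/ service ticket in cache"
```

On a live system the same functions take real output, for example `klist | principal_kind`, run as the same user that runs ldapwhoami.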

