Hi,
I just tested SASL 2.1.18, change the host and service name to be the
same name during the testing of the sample client and server, it
actually added the new principles to the kerberos cache (running Heimdal
Kerberos 5, the latest version as I downloaded today).
The klist shown the following new principles had been added to the
kerberos cache:
[EMAIL PROTECTED] [7:26pm] [...cyrus-sasl-2.1.18/sample]# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: [EMAIL PROTECTED]
Issued Expires Principal Jun 3
17:17:53 Jun 3 23:57:53 krbtgt/[EMAIL PROTECTED] Jun 3 17:18:53
Jun 3 23:57:53 host/[EMAIL PROTECTED]
Jun 3 18:46:25 Jun 3 23:57:53 root/[EMAIL PROTECTED]
Jun 3 19:15:24 Jun 3 23:57:53 sam/[EMAIL PROTECTED]
The last three Principals were added during the test of sample client
and server in Cyrul-sasl 2.1.18.
But but the test still returned error such as:
lt-sample-client: SASL Other: GSSAPI Error: A token was invalid
(Unknown error: 0)
lt-sample-client: Performing SASL negotiation: generic failure
What should I do to fix this problem? I m afraid this will bring in
other problem when I further configure OpenLdap.
Thanks
sam
The Shell wrote:
> Hi,
>
> I finally got GSSAPI compiled with SASL, but error occured when
testing the sample client and server.
> The klist command of Heimdal Kerberos 5 shown the following priciples:
> [EMAIL PROTECTED] [5:13pm] [...cyrus-sasl-2.1.18/sample]# klist
> Credentials cache: FILE:/tmp/krb5cc_0
> Principal: [EMAIL PROTECTED]
> Issued Expires Principal Jun 3
17:17:53 Jun 3 23:57:53 krbtgt/[EMAIL PROTECTED] Jun 3 17:18:53
Jun 3 23:57:53 host/[EMAIL PROTECTED]
> [EMAIL PROTECTED] [5:31pm] [...cyrus-sasl-2.1.18/sample]#
>
> Message from the sample server::
> ./sample-server -s host -p ../plugins/.libs
> .......
> got 'GSSAPI'
> Sending response...
> S:
YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREAEQM3hY7ovvFlIeYJwJOZzxv+NwWaQnhoHi6007SbsVDMiJfeHZpYU/PHelUTE6CwS46H8N10ObrvAAwKDzXXb2nIh0=
> Waiting for client reply...
> ^C
> [EMAIL PROTECTED] [5:22pm] [...cyrus-sasl-2.1.18/sample]#
>
> Message from sample client:
> ./sample-client -s host -n fbsd.rock.com -u root -p ../plugins/.libs
> .....
> C:
> Waiting for server reply...
> S:
YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREAEQM3hY7ovvFlIeYJwJOZzxv+NwWaQnhoHi6007SbsVDMiJfeHZpYU/PHelUTE6CwS46H8N10ObrvAAwKDzXXb2nIh0=
> recieved 110 byte message
> lt-sample-client: SASL Other: GSSAPI Error: A token was invalid
(Unknown error: 0)
> lt-sample-client: Performing SASL negotiation: generic failure
> [EMAIL PROTECTED] [5:21pm] [...cyrus-sasl-2.1.18/sample]#
>
> I m using the latest version of Cyrus-sasl, Heimdal Kerberos in
FreeBSD 5.2.1
> thanks
> sam
>
>
>
> eBSD4.9, the slave is openldap-2.1.22 on RH-7.3.
>
> So, it looks like the master is sending ldifs via slurpd to the
slave, and the slave is refusing to make the modifications, possibly due
to a hardcoded schema.
>
>
> The slurpd reject file looks like this:
>
> ERROR: entryCSN: no user modification allowed
> replica: ldap:0
> time: 1086269077.0
> dn: uid=myuser,ou=radius,dc=mydomain,dc=com
> changetype: modify
> replace: userPassword
> userPassword:: ********
> -
> replace: entryCSN
> entryCSN: 2004060313:24:37Z#0x0001#0#0000
> -
> replace: modifiersName
> modifiersName: uid=myadmin,dc=mydomain,dc=com
> -
> replace: modifyTimestamp
> modifyTimestamp: 20040603132437Z
>
>
> slurpd shows:
>
> Initializing session to ldap:0
> bind to ldap:0 as uid=myadmin,dc=mydomain,dc=com (simple)
> request 1 done
> replica ldap:0 - modify dn "uid=myuser,ou=radius,dc=mydomain,dc=com"
> request 2 done
> Error: ldap_modify_s failed modifying "entryCSN: no user modification
allowed": uid=myuser,ou=radius,dc=domain,dc=com
> Error: ldap operation failed, data written to
"/var/db/openldap-slurp/replica/ldap:0.rej"
>
>
>
> Have I missed something? Is it obvious what's wrong?
>
> Thanks,
>
> Gavin
>
>
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
