Am 21.01.2011 17:17, schrieb Dan White: > On 21/01/11 17:06 +0100, Thomas Schweikle wrote: >> Am 21.01.2011 16:02, schrieb Dan White: >>> See the FAQ entry on OpenLDAP+SASL+GSSAPI at: >>> >>> http://www.cyrusimap.org/mediawiki/index.php/FAQ >>> >> >> This refers to "pluginviewer": >> This program doesn't exist on the system. What package is it in on >> debian/ubuntu? > > On Debian based systems, it's renamed as saslpluginviewer. It's > located in > the sasl2-bin package. The GSSAPI mechanism is installed in one of: > > libsasl2-modules-gssapi-heimdal > libsasl2-modules-gssapi-mit
Package sasl2-bin wasn't installed, libsasl2-modules-gssapi-mit was.
Now I have:
Plugin "gssapiv2" [loaded], API version: 4
SASL mechanism: GSSAPI, best SSF: 56
security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
features:
WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
#ldapsearch -LLL -x -H ldap://srv.example.com -s "base" -b ""
supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
#ldapsearch -Y GSSAPI -LLL -H ldap://srv.example.com -s "base" -b ""
supportedSASLMechanisms
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
error (80)
additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information
(Permission denied)
Within the credentials cache:
#klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]
Valid starting Expires Service principal
01/21/11 11:32:03 01/21/11 21:32:03 krbtgt/[email protected]
renew until 01/22/11 11:31:58
01/21/11 16:20:04 01/21/11 21:32:03 host/[email protected]
renew until 01/22/11 11:31:58
01/21/11 16:46:15 01/21/11 21:32:03 ldap/[email protected]
renew until 01/22/11 11:31:58
I keep getting Permission Denied errors.
--
Thomas
signature.asc
Description: OpenPGP digital signature
