--On Monday, February 02, 2009 8:31 PM -0500 Frank Swasey <Frank.Swasey@uvm.edu> wrote:

> Today at 4:16pm, Quanah Gibson-Mount wrote:
>
>> --On Monday, February 02, 2009 3:13 PM -0500 Francis Swasey <Frank.Swasey@uvm.edu> wrote:
>>
>>> We've finally reached the point in replacing our old authentication system that I'm attempting to get GSSAPI working with our ldap.uvm.edu system.
>>
>> Good luck. :) The only way I ever got this working was via software load balancing on round-robin DNS, where the virtual name would resolve to the actual host.
>
> LVS is a software load balancer. What software load balancer did you use that also used DNS round-robin (or am I completely confused in my understanding of what you just wrote)?
Something custom that stanford wrote. ;)
http://www.eyrie.org/~eagle/software/lbcd/
But what it doesn't do is make use of the LB name when it does the actual bind, as it gets translated into the real host.
Fresh ticket cache:

tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046
Default principal: quanah@stanford.edu

Valid starting     Expires            Service principal
02/03/09 08:33:09  02/04/09 09:33:07  krbtgt/stanford.edu@stanford.edu
02/03/09 08:33:09  02/04/09 09:33:07  afs/ir.stanford.edu@stanford.edu


Kerberos 4 ticket cache: /tmp/tkt54046
klist: You have no tickets cached
ldapsearch:

tribes:~> ldapsearch -h ldap1 uid=quanah uid
SASL/GSSAPI authentication started
SASL username: quanah@stanford.edu
SASL SSF: 56
SASL installing layers
...

Now the ticket cache has ldap/ldap1:

tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046
Default principal: quanah@stanford.edu

Valid starting     Expires            Service principal
02/03/09 08:33:09  02/04/09 09:33:07  krbtgt/stanford.edu@stanford.edu
02/03/09 08:33:09  02/04/09 09:33:07  afs/ir.stanford.edu@stanford.edu
02/03/09 08:33:59  02/04/09 09:33:07  ldap/ldap1.stanford.edu@stanford.edu


Kerberos 4 ticket cache: /tmp/tkt54046
klist: You have no tickets cached
And here's the actual record for ldap.stanford.edu:

tribes:~> host -t txt ldap
ldap.Stanford.EDU CNAME ldap.best.Stanford.EDU
ldap.best.Stanford.EDU TXT " 150/1.000 ldap3.stanford.edu"
!!! ldap.best.Stanford.EDU TXT record has zero ttl
ldap.best.Stanford.EDU TXT " 150/1.000 ldap1.stanford.edu"
!!! ldap.best.Stanford.EDU TXT record has zero ttl
ldap.best.Stanford.EDU TXT " 150/1.000 ldap4.stanford.edu"
!!! ldap.best.Stanford.EDU TXT record has zero ttl
ldap.best.Stanford.EDU TXT " 120/1.000 ldap2.stanford.edu"
!!! ldap.best.Stanford.EDU TXT record has zero ttl
--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
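The point of the exchange above is that the client never binds as ldap/ldap.stanford.edu: its Kerberos library canonicalizes whatever name it was handed (CNAME chain, forward lookup, then reverse lookup) before asking the KDC for a service ticket, so the ticket and the server keytab both end up naming the real host (ldap/ldap1.stanford.edu). The following Python is an added example, not code from the thread, from OpenLDAP or from lbcd/lbnamed. It simulates that canonicalization against a constructed DNS table standing in for the ldap.stanford.edu setup (the addresses and PTR records are invented), and parses a klist listing in the format shown above to check whether the cache already holds the ticket a bind needs. The two switches mirror the MIT krb5 `[libdefaults]` options `dns_canonicalize_hostname` and `rdns`; the real library uses getaddrinfo/getnameinfo rather than these tables.

```python
"""Why a GSSAPI bind to a load-balanced LDAP name ends up with a ticket for
the real host: a simulation of the client-side name canonicalization that
MIT Kerberos performs when building the service principal.

Added example; not code from the thread, OpenLDAP or lbcd/lbnamed.  The DNS
tables are a constructed stand-in for the setup shown above (ldap -> CNAME
ldap.best -> one of ldap1..ldap4); addresses and PTR records are invented.
"""
import re

REALM = "stanford.edu"
SEARCH_DOMAIN = "stanford.edu"

# Constructed DNS view.  The balancer's A record currently points at the
# address of ldap1, and the reverse record for that address names ldap1.
CNAME = {"ldap.stanford.edu": "ldap.best.stanford.edu"}
A = {
    "ldap.best.stanford.edu": "192.0.2.1",  # whatever the balancer hands out now
    "ldap1.stanford.edu": "192.0.2.1",
    "ldap2.stanford.edu": "192.0.2.2",
}
PTR = {"192.0.2.1": "ldap1.stanford.edu", "192.0.2.2": "ldap2.stanford.edu"}


def qualify(host):
    """Turn a short name such as 'ldap1' into an FQDN via the search domain."""
    host = host.rstrip(".").lower()
    return host if "." in host else f"{host}.{SEARCH_DOMAIN}"


def canonical_host(host, dns_canonicalize=True, rdns=True):
    """Approximate what the client's krb5 library does with the hostname it
    was given: follow CNAMEs, resolve to an address and, when rdns is on,
    reverse-map that address.  The result is the host named in the ticket.
    With dns_canonicalize=False the name is used as given (after
    qualification), which is how the LB name itself would appear."""
    name = qualify(host)
    if not dns_canonicalize:
        return name
    seen = set()
    while name in CNAME:
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        name = CNAME[name]
    addr = A.get(name)
    if addr is None:
        raise LookupError(f"no address record for {name}")
    return PTR.get(addr, name) if rdns else name


def service_principal(host, service="ldap", **canon):
    """Service principal a GSSAPI client will request for 'host'."""
    return f"{service}/{canonical_host(host, **canon)}@{REALM}"


# One ticket line of MIT klist output: two timestamps, then the principal.
TICKET_RE = re.compile(
    r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d\s+\d\d/\d\d/\d\d \d\d:\d\d:\d\d\s+(\S+@\S+)\s*$",
    re.M,
)


def cached_principals(klist_output):
    """Set of principals for which the listing shows a ticket."""
    return set(TICKET_RE.findall(klist_output))


def has_ticket_for(klist_output, host, **canon):
    """True if the cache already holds the ticket a bind to 'host' needs."""
    return service_principal(host, **canon) in cached_principals(klist_output)


# Constructed klist listing in the format shown above (after the bind).
KLIST_AFTER_BIND = """\
Ticket cache: FILE:/tmp/krb5cc_54046
Default principal: quanah@stanford.edu

Valid starting     Expires            Service principal
02/03/09 08:33:09  02/04/09 09:33:07  krbtgt/stanford.edu@stanford.edu
02/03/09 08:33:09  02/04/09 09:33:07  afs/ir.stanford.edu@stanford.edu
02/03/09 08:33:59  02/04/09 09:33:07  ldap/ldap1.stanford.edu@stanford.edu
"""

if __name__ == "__main__":
    for h in ("ldap", "ldap1", "ldap2"):
        print(f"-h {h:5} -> {service_principal(h)}")
    print("ldap, no canonicalization ->",
          service_principal("ldap", dns_canonicalize=False))
    print("cache has ticket for -h ldap:", has_ticket_for(KLIST_AFTER_BIND, "ldap"))
```

The practical consequence for a setup like the one in the thread: every real server behind the balanced name needs ldap/<its own FQDN> in its keytab, and the balancer's reverse DNS must map each address back to that FQDN; turning canonicalization off client-side only helps if every server also holds a key for the balanced name.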