On Sun, Dec 14, 2008 at 11:31 AM, Michael Ströder <span dir="ltr">&lt;<a href="mailto:michael@stroeder.com">michael@stroeder.com</a>&gt;</span> wrote:&nbsp;<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Did you obtain a TGT before? What&#39;s the output of command klist?<br>
<br>
Ciao, Michael.<br>
</blockquote></div><br>I did obtain a TGT with kinit:<br><br>cameron@gimli:~$ klist<br>Ticket cache: FILE:/tmp/krb5cc_1000<br>Default principal: cameron@LOCAL<br><br>Valid starting&nbsp;&nbsp;&nbsp;&nbsp; Expires&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Service principal<br>

12/14/08 00:40:14&nbsp; 12/14/08 10:40:14&nbsp; krbtgt/LOCAL@LOCAL<br>
&nbsp;&nbsp;&nbsp; renew until 12/15/08 00:40:12<br>
<br>There is an entry for ldap/ldap.local@LOCAL in /etc/krb5.keytab, and openldap has permission to<br>read it, but it isn&#39;t giving me a ticket when I connect as various articles on the internet implied it should. Additionally,<br>
strace-ing ldap didn&#39;t show it opening or reading the keytab (if it should), nor doing anything else SASL <br>related other than loading the libraries.<br><br>Thanks,<br>Cameron Harris<br>