Jeremiah Martell wrote:
I'm using openldap, cyrus-sasl, heimdal, and openssl.
And apparently they are all working correctly.
I use the standard kerberos "kinit" tool to get my TGT, and this is successful. I use the standard openldap "ldapsearch" tool to attempt an LDAP+GSSAPI over TLS (cert level "demand") search, and I get two errors.
The first error is an "inappropriate auth", which seems to come from openldap. The second error is "Cannot start kerberos signing/sealing when using TLS/SSL", which seems to come from GSSAPI-land.
Interesting facts:
- This fails against Windows 2003 AD.
Questions about why Microsoft AD is broken belong in a Microsoft forum.
- But succeeds against a BSD box running an openldap server.