I have both of those files; however, I'm not sure if the permissions are set correctly:
frisbee# ls -l /etc/krb5*
-rw-r--r-- 1 root wheel 128 Aug 7 14:09 /etc/krb5.conf
-rw------- 1 root wheel 286 Aug 7 16:01 /etc/krb5.keytab
As far as the keytab file goes, I used this to create it:
frisbee# kadmin -l
kadmin> ext ldap/frisbee.crazy.lan
kadmin> exit
Just to clarify, ldap and kerberos are running on the same machine (frisbee.crazy.lan).
Also, here are the contents of krb5.conf, just to catch any errors you may find:
frisbee# cat /etc/krb5.conf
[libdefaults]
default_realm = CRAZY.LAN

[logging]
kdc = 0/FILE:/var/log/kdc.log
kdc = 1-/SYSLOG:INFO:USER
default = STDERR
I have the proper DNS settings for kerberos, here's my BIND setup:
frisbee IN A 192.168.1.5
_kerberos._udp IN SRV 01 00 88 frisbee.crazy.lan.
_kerberos._tcp IN SRV 01 00 88 frisbee.crazy.lan.
_kpasswd._udp IN SRV 01 00 464 frisbee.crazy.lan.
_kerberos-adm._tcp IN SRV 01 00 749 frisbee.crazy.lan.
_kerberos IN TXT CRAZY.LAN
On Tue, Aug 11, 2009 at 4:42 PM, Howard Chu hyc@symas.com wrote:
Dieter Kluenter wrote:
Allancr4z3d@gmail.com writes:
Seems like slapd is linked to gssapi and sasl. Are there simply command-line
options I'm missing to start up slapd?
frisbee# ldd /usr/local/libexec/slapd
/usr/local/libexec/slapd:
libldap_r-2.4.so.6 => /usr/local/lib/libldap_r-2.4.so.6 (0x2820b000)
liblber-2.4.so.6 => /usr/local/lib/liblber-2.4.so.6 (0x28250000)
libdb-4.6.so.0 => /usr/local/lib/libdb-4.6.so.0 (0x2825d000)
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28385000)
libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x2839c000)
These seem to be different libraries than the sasl libraries, as below:
/usr/local/lib/sasl2/libgssapiv2.a
/usr/local/lib/sasl2/libgssapiv2.la
/usr/local/lib/sasl2/libgssapiv2.so
/usr/local/lib/sasl2/libgssapiv2.so.2
These usually are dynamically loaded by libsasl2, so they would never be directly linked into the slapd (or any other) binaries.
Most likely the gssapi plugin is not initializing itself, maybe because there is no krb5.conf file, or because there is no keytab with slapd's key inside, or the files are not readable by slapd, etc...
--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/
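The "files are not readable by slapd" case raised in the quoted reply can be checked against the `ls -l` listing at the top of this message. The following is an added example, not part of the original thread: it evaluates the Unix mode bits of each listed file for a given account. The thread does not say which account slapd runs as, so the user `ldap` in group `ldap` is an assumption.

```shell
#!/bin/sh
# Added example: decide from an `ls -l` line whether an account can read a file.
# Only classic owner/group/other mode bits are evaluated; ACLs, MAC policies
# and permissions on parent directories are not considered.

# in_list NEEDLE ITEM...  -> 0 if NEEDLE is one of the items
in_list() {
    needle=$1; shift
    for g in "$@"; do [ "$g" = "$needle" ] && return 0; done
    return 1
}

# readable_by "<ls -l line>" USER "<space-separated groups of USER>"
# Returns 0 if USER may read the file, 1 otherwise.
readable_by() {
    line=$1; user=$2; groups=$3
    read -r mode _links owner group _rest <<EOF
$line
EOF
    [ "$user" = root ] && return 0          # root bypasses mode bits
    if [ "$user" = "$owner" ]; then
        pos=2                               # owner read bit
    elif in_list "$group" $groups; then
        pos=5                               # group read bit
    else
        pos=8                               # other read bit
    fi
    [ "$(printf '%s' "$mode" | cut -c"$pos")" = r ]
}

# The two entries from the listing in this message.
CONF='-rw-r--r-- 1 root wheel 128 Aug 7 14:09 /etc/krb5.conf'
KEYTAB='-rw------- 1 root wheel 286 Aug 7 16:01 /etc/krb5.keytab'

# Assumption: slapd runs as user "ldap" whose only group is "ldap".
for entry in "$CONF" "$KEYTAB"; do
    path=${entry##* }
    if readable_by "$entry" ldap "ldap"; then
        echo "ok:      ldap can read $path"
    else
        echo "BLOCKED: ldap cannot read $path"
    fi
done
```

With the listing as posted, a slapd running as root can read both files, while an unprivileged `ldap` account can read krb5.conf but not the keytab.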