On Thu, 2012-01-26 at 18:40 -0500, Howard Chu wrote:
> Does kinit work for your chas@KRBTEST user? Judging from what you've pasted here, I don't think it should. Get your basic Kerberos installation working first. Take things one step at a time.

It does:

[chas@ldapsandbox log]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 195)
[chas@ldapsandbox log]$ kinit chas
Password for chas@KRBTEST:
[chas@ldapsandbox log]$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: chas@KRBTEST
SASL SSF: 56
SASL installing layers
dn:uid=chas,ou=people,dc=test,dc=com
Result: Success (0)
[chas@ldapsandbox log]$

As I said, I think Kerberos and LDAP are all working on their own...it's the combination of the two doing the SASL passthrough that is confounding me.