On Wednesday 10 September 2008 21:16:29 Hauke Coltzau wrote:
Hi all,
Wow, it seems to be done ;-)
To put it in a nutshell:
apt-get purge MIT-Kerberos*
apt-get install Heimdal*
tried and failed, tried and failed, ...
apt-get purge heimdal*, cyrus*, openldap*
apt-get libssl-dev and libdb dev packages
got cyrus, openldap and heimdal tarballs
configured, compiled, tested, failed, configured, compiled, tested, failed, conf.......... ...... ...... ... --- ... ... --- ... configured, compiled, succeeded!
Followed well known configuration instructions
This was most likely the key ...
Voila!
ldapsearch -Y GSSAPI works
ldaps works (without client verification, did not solve that yet, server verification works fine)
login with Kerberos authentication works (with proxy ticket for the machine, this way I avoid having PLAIN username/password sent to slapd)
su, id, etc. works
Seems as if doing it by hand is still the best way ;-)
Funny, but it works out of the box on Mandriva ...
BTW, I found that sometimes you need to look at the KDC logs to see what is happening on the Kerberos side (e.g., you may have reverse DNS records wrong, which would show up in the KDC logs etc.).
Regards, Buchan
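
The reverse-DNS point above can be checked before reading the KDC logs. The following is an added example, not part of the original thread: it derives the service principal that a GSSAPI client (such as `ldapsearch -Y GSSAPI`) would request when it canonicalises the server name through a reverse lookup, and lists mismatches. The function name, host names and addresses are hypothetical, and the fallback on a missing PTR record is an assumption about the client library.

```python
import socket

def check_service_name(host, service="ldap",
                       forward=socket.gethostbyname_ex,
                       reverse=socket.gethostbyaddr):
    """Return (principal_name, problems) as derived via reverse-DNS canonicalisation."""
    want = host.lower().rstrip(".")
    problems = []
    try:
        addrs = forward(want)[2]
    except OSError as exc:
        return None, [f"forward lookup of {want} failed: {exc}"]
    if not addrs:
        return None, [f"{want} has no address records"]
    addr = addrs[0]
    try:
        ptr = reverse(addr)[0].lower().rstrip(".")
    except OSError as exc:
        # Assumption: with no PTR record the client keeps the name it was given.
        return f"{service}/{want}", [f"no PTR record for {addr}: {exc}"]
    if "." not in ptr:
        problems.append(f"PTR for {addr} is the short name {ptr!r}, not an FQDN")
    if ptr != want:
        problems.append(f"PTR for {addr} is {ptr!r}, not {want!r}: "
                        f"the KDC will be asked for {service}/{ptr}")
    try:
        if addr not in forward(ptr)[2]:
            problems.append(f"{ptr} does not resolve back to {addr}")
    except OSError as exc:
        problems.append(f"forward lookup of PTR name {ptr} failed: {exc}")
    return f"{service}/{ptr}", problems

# Constructed sample zone data so the check runs offline (placeholder names).
FWD = {"ldap1.example.test": ["192.0.2.10"], "ldap2.example.test": ["192.0.2.20"],
       "old-box.example.test": ["192.0.2.20"], "ldap3.example.test": ["192.0.2.30"]}
PTR = {"192.0.2.10": "ldap1.example.test", "192.0.2.20": "old-box.example.test"}

def fake_forward(name):
    if name not in FWD:
        raise socket.gaierror(-2, "name not known")
    return name, [], FWD[name]

def fake_reverse(addr):
    if addr not in PTR:
        raise socket.herror(1, "unknown host")
    return PTR[addr], [], [addr]

if __name__ == "__main__":
    for h in ("ldap1.example.test", "ldap2.example.test", "ldap3.example.test"):
        print(h, check_service_name(h, forward=fake_forward, reverse=fake_reverse))
```

Called without the `forward` and `reverse` arguments, the function uses the system resolver, so it can be run on the client against the real LDAP server name.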