openldap-sasl fails after 8.1 upgrade

Reko Turja reko.turja at liukuma.net
Wed Aug 25 19:34:32 UTC 2010


Sadly the GSSAPI/Kerberos has been broken in 8.x for a good while now. 
You can either install the heimdal or MIT port, although getting that 
to work in stead of the base can be messy.

kern/147454 PR actually has a working fix, although I'm not sure if it 
applies cleanly as it's pretty big - I managed to get working GSSAPI 
with it on 8.1 PRERELEASE.

See also discussion at 
http://lists.freebsd.org/pipermail/freebsd-stable/2010-July/057734.html

-Reko

--------------------------------------------------
From: "LeonMeßner" <l.messner at physik.tu-berlin.de>
Sent: Wednesday, August 25, 2010 7:04 PM
To: <freebsd-questions at freebsd.org>
Subject: openldap-sasl fails after 8.1 upgrade

> Hi,
>
> after binary upgrading to freebsd8.1 from 7.2 i encounter an error
> with openldap24, cyrus-sasl2 and kerberos:
>
> # ldapsearch uid=whatever
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
> error (80)
>        additional info: SASL(-1): generic failure: GSSAPI Error:  No
> credentials were supplied, or the credentials were unavailable or
> inaccessible. (unknown mech-code 0 for mech unknown)
>
> Simple binding to the ldap server does work. The KDC behind this is
> still on kerberos 0.6.3 (FreeBSD7.3) and there have been reported
> Problems with such a setup, but as i can login through ssh and 
> kerberos
> i suppose these [1] don't apply here (also already tested the 
> proposed
> changes).
>
> If anybody got any insight please share.
>
> Thanks in Advance,
> Leon
>
> [1]
> http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052217.html
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at freebsd.org"
>

 



More information about the freebsd-questions mailing list