openldap-sasl fails after 8.1 upgrade
Reko Turja
reko.turja at liukuma.net
Wed Aug 25 19:34:32 UTC 2010
Sadly the GSSAPI/Kerberos has been broken in 8.x for a good while now.
You can either install the heimdal or MIT port, although getting that
to work in stead of the base can be messy.
kern/147454 PR actually has a working fix, although I'm not sure if it
applies cleanly as it's pretty big - I managed to get working GSSAPI
with it on 8.1 PRERELEASE.
See also discussion at
http://lists.freebsd.org/pipermail/freebsd-stable/2010-July/057734.html
-Reko
--------------------------------------------------
From: "LeonMeßner" <l.messner at physik.tu-berlin.de>
Sent: Wednesday, August 25, 2010 7:04 PM
To: <freebsd-questions at freebsd.org>
Subject: openldap-sasl fails after 8.1 upgrade
> Hi,
>
> after binary upgrading to freebsd8.1 from 7.2 i encounter an error
> with openldap24, cyrus-sasl2 and kerberos:
>
> # ldapsearch uid=whatever
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
> error (80)
> additional info: SASL(-1): generic failure: GSSAPI Error: No
> credentials were supplied, or the credentials were unavailable or
> inaccessible. (unknown mech-code 0 for mech unknown)
>
> Simple binding to the ldap server does work. The KDC behind this is
> still on kerberos 0.6.3 (FreeBSD7.3) and there have been reported
> Problems with such a setup, but as i can login through ssh and
> kerberos
> i suppose these [1] don't apply here (also already tested the
> proposed
> changes).
>
> If anybody got any insight please share.
>
> Thanks in Advance,
> Leon
>
> [1]
> http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052217.html
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list