openldap-sasl fails after 8.1 upgrade

Reko Turja reko.turja at
Wed Aug 25 19:34:32 UTC 2010

Sadly the GSSAPI/Kerberos has been broken in 8.x for a good while now. 
You can either install the heimdal or MIT port, although getting that 
to work in stead of the base can be messy.

kern/147454 PR actually has a working fix, although I'm not sure if it 
applies cleanly as it's pretty big - I managed to get working GSSAPI 
with it on 8.1 PRERELEASE.

See also discussion at


From: "LeonMeßner" <l.messner at>
Sent: Wednesday, August 25, 2010 7:04 PM
To: <freebsd-questions at>
Subject: openldap-sasl fails after 8.1 upgrade

> Hi,
> after binary upgrading to freebsd8.1 from 7.2 i encounter an error
> with openldap24, cyrus-sasl2 and kerberos:
> # ldapsearch uid=whatever
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
> error (80)
>        additional info: SASL(-1): generic failure: GSSAPI Error:  No
> credentials were supplied, or the credentials were unavailable or
> inaccessible. (unknown mech-code 0 for mech unknown)
> Simple binding to the ldap server does work. The KDC behind this is
> still on kerberos 0.6.3 (FreeBSD7.3) and there have been reported
> Problems with such a setup, but as i can login through ssh and 
> kerberos
> i suppose these [1] don't apply here (also already tested the 
> proposed
> changes).
> If anybody got any insight please share.
> Thanks in Advance,
> Leon
> [1]
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at"


More information about the freebsd-questions mailing list