Date: Wed, 25 Aug 2010 22:34:27 +0300 From: "Reko Turja" <reko.turja@liukuma.net> To: =?iso-8859-1?Q?LeonMe=DFner?= <l.messner@physik.tu-berlin.de>, <freebsd-questions@freebsd.org> Subject: Re: openldap-sasl fails after 8.1 upgrade Message-ID: <1DA6D3678D2745999DA4F00266376495@rivendell> In-Reply-To: <20100825160404.GF3762@emmi.physik-pool.tu-berlin.de> References: <20100825160404.GF3762@emmi.physik-pool.tu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Sadly the GSSAPI/Kerberos has been broken in 8.x for a good while now.=20 You can either install the heimdal or MIT port, although getting that=20 to work in stead of the base can be messy. kern/147454 PR actually has a working fix, although I'm not sure if it=20 applies cleanly as it's pretty big - I managed to get working GSSAPI=20 with it on 8.1 PRERELEASE. See also discussion at=20 http://lists.freebsd.org/pipermail/freebsd-stable/2010-July/057734.html -Reko -------------------------------------------------- From: "LeonMe=DFner" <l.messner@physik.tu-berlin.de> Sent: Wednesday, August 25, 2010 7:04 PM To: <freebsd-questions@freebsd.org> Subject: openldap-sasl fails after 8.1 upgrade > Hi, > > after binary upgrading to freebsd8.1 from 7.2 i encounter an error > with openldap24, cyrus-sasl2 and kerberos: > > # ldapsearch uid=3Dwhatever > SASL/GSSAPI authentication started > ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) > error (80) > additional info: SASL(-1): generic failure: GSSAPI Error: No > credentials were supplied, or the credentials were unavailable or > inaccessible. (unknown mech-code 0 for mech unknown) > > Simple binding to the ldap server does work. The KDC behind this is > still on kerberos 0.6.3 (FreeBSD7.3) and there have been reported > Problems with such a setup, but as i can login through ssh and=20 > kerberos > i suppose these [1] don't apply here (also already tested the=20 > proposed > changes). > > If anybody got any insight please share. > > Thanks in Advance, > Leon > > [1] > = http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052217.htm= l > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to=20 > "freebsd-questions-unsubscribe@freebsd.org" > =20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1DA6D3678D2745999DA4F00266376495>