From: Jan Henrik Sylvester
Date: Wed, 19 Jan 2011 21:59:28 +0100
To: questions-list freebsd
Cc: Hajimu UMEMOTO
Subject: ldap with GSSAPI using security/cyrus-sasl2 with security/heimdal?

Earlier I tried GSSAPI authentication for ldap against heimdal in 8.1-RELEASE base and failed.

Now I tried again with security/heimdal. I got:

    security/heimdal
    security/cyrus-sasl2 with HEIMDAL_HOME=/usr/local/
    net/openldap24-server with WITH_SASL

When I first tried "ldapmodify -Z -Y GSSAPI -I -D -H ldap://", I got:

    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
            additional info: SASL(-4): no mechanism available: No worthy mechs found

In /var/log/auth.log, I found for slapd and ldapmodify:

    unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: /usr/local/lib/sasl2/libgssapiv2.so.2: Undefined symbol "gss_nt_service_name"

I found this discussion:
http://www.mail-archive.com/heimdal-discuss@sics.se/msg00126.html

Not sure what might be wrong with configure, I added the following line to config.h after running "make configure" and before "make":

    #define HAVE_GSS_C_NT_HOSTBASED_SERVICE 1

With security/cyrus-sasl2 compiled that way, I do not get the "Undefined symbol" starting slapd anymore. Now ldapmodify gives me:

    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
            additional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)

I am out of ideas. Do I even have the ldapmodify command correct? (I tried with "-U u:" and "-X u:", too.)

Is security/cyrus-sasl2 supposed to work with GSSAPI from security/heimdal? How should the undefined symbol be fixed properly? Is there anything more to fix with cyrus-sasl configure?

Thanks for any ideas,
Jan Henrik
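A check for the "Undefined symbol" dlopen failure quoted in the message above, as an added example that is not part of the original post: it compares the `nm -D` output of the SASL plugin with that of the GSSAPI library and lists the gss* symbols the plugin imports but the library does not export. The function names are hypothetical, and both file paths are passed as arguments because the page does not say which library file the plugin is linked against.

```shell
#!/bin/sh
# Added example (not from the original message): find gss* symbols that a
# SASL plugin needs at dlopen time but the GSSAPI library does not provide.

# Read `nm -D` output on stdin; print names of undefined (U) symbols.
undefined_syms() {
    awk '$1 == "U" { sub(/@.*/, "", $2); print $2 }' | sort -u
}

# Read `nm -D` output on stdin; print names of defined, exported symbols.
exported_syms() {
    awk 'NF == 3 && $2 ~ /^[TDBRWVi]$/ { sub(/@.*/, "", $3); print $3 }' | sort -u
}

# $1: file holding `nm -D` output of the plugin
# $2: file holding `nm -D` output of the GSSAPI library
# Prints one missing gss* symbol per line; prints nothing if all resolve.
missing_gss_syms() {
    tmp=$(mktemp -d) || return 1
    undefined_syms < "$1" | awk '/^gss/' > "$tmp/need"
    exported_syms  < "$2" > "$tmp/have"
    comm -23 "$tmp/need" "$tmp/have"    # lines only in "need"
    rm -rf "$tmp"
}

# Live use: sh check.sh <plugin.so> <gssapi-library.so>
# (both paths are assumptions supplied by the caller)
if [ "$#" -eq 2 ]; then
    p=$(mktemp) && l=$(mktemp) || exit 1
    nm -D "$1" > "$p" && nm -D "$2" > "$l" || exit 1
    missing=$(missing_gss_syms "$p" "$l")
    rm -f "$p" "$l"
    if [ -n "$missing" ]; then
        echo "not exported by $2:"
        echo "$missing"
        exit 2
    fi
    echo "all gss* imports of $1 are exported by $2"
fi
```

An empty result after rebuilding the plugin shows that its gss* imports resolve against the library you named; it says nothing about the later "No credentials were supplied" error, which is reported after the plugin has loaded.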