Date:      Wed, 25 Aug 2010 21:47:17 +0200
From:      Leon Meßner <l.messner@physik.tu-berlin.de>
To:        Reko Turja <reko.turja@liukuma.net>
Cc:        LeonMeßner <l.messner@physik.tu-berlin.de>, freebsd-questions@freebsd.org
Subject:   Re: openldap-sasl fails after 8.1 upgrade
Message-ID:  <20100825194717.GB51165@emmi.physik-pool.tu-berlin.de>
In-Reply-To: <1DA6D3678D2745999DA4F00266376495@rivendell>
References:  <20100825160404.GF3762@emmi.physik-pool.tu-berlin.de> <1DA6D3678D2745999DA4F00266376495@rivendell>

On Wed, Aug 25, 2010 at 10:34:27PM +0300, Reko Turja wrote:
> Sadly the GSSAPI/Kerberos has been broken in 8.x for a good while now. 
> You can either install the heimdal or MIT port, although getting that 
> to work instead of the base can be messy.
> 
> kern/147454 PR actually has a working fix, although I'm not sure if it 
> applies cleanly as it's pretty big - I managed to get working GSSAPI 
> with it on 8.1 PRERELEASE.

I'll try that.

> See also discussion at 
> http://lists.freebsd.org/pipermail/freebsd-stable/2010-July/057734.html

Following the link in the other thread to
http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.html

I made the changes to /usr/bin/krb5-config:

# diff /usr/bin/krb5-config /usr/bin/krb5-config.org
96c96
<       lib_flags="$lib_flags -lgssapi -lgssapi_spnego -lgssapi_krb5
-lheimntlm" 
---
>       lib_flags="$lib_flags -lgssapi -lheimntlm"
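
Review bot: the diff is run with the edited file first and the `.org` backup second, so at line 96 the `<` line is the new content and the `>` line is the original, which reads backwards to anyone expecting old-to-new order. The `<` line has also been wrapped by the mailer, leaving `-lheimntlm"` on a line of its own, so the hunk cannot be applied as posted. Regenerating it as `diff -u /usr/bin/krb5-config.org /usr/bin/krb5-config` would give the usual direction and some context around `lib_flags`, and would make it plain that the change adds `-lgssapi_spnego -lgssapi_krb5` to the flags.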

After that, rebuilding openldap+dependencies makes it work again. I
suppose this is quite dirty and I have to see if it introduces other
problems.

Thanks,
leon

> 
> --------------------------------------------------
> From: "LeonMeßner" <l.messner@physik.tu-berlin.de>
> Sent: Wednesday, August 25, 2010 7:04 PM
> To: <freebsd-questions@freebsd.org>
> Subject: openldap-sasl fails after 8.1 upgrade
> 
> > Hi,
> >
> > after binary upgrading to FreeBSD 8.1 from 7.2 I encounter an error
> > with openldap24, cyrus-sasl2 and kerberos:
> >
> > # ldapsearch uid=whatever
> > SASL/GSSAPI authentication started
> > ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
> > error (80)
> >        additional info: SASL(-1): generic failure: GSSAPI Error:  No
> > credentials were supplied, or the credentials were unavailable or
> > inaccessible. (unknown mech-code 0 for mech unknown)
> >
> > Simple binding to the ldap server does work. The KDC behind this is
> > still on kerberos 0.6.3 (FreeBSD7.3) and there have been reported
> > problems with such a setup, but as I can log in through ssh and
> > kerberos I suppose these [1] don't apply here (also already tested
> > the proposed changes).
> >
> > If anybody got any insight please share.
> >
> > Thanks in Advance,
> > Leon
> >
> > [1]
> > http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052217.html
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to 
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
