Sadly the GSSAPI/Kerberos has been broken in 8.x for a good while now.
You can either install the heimdal or MIT port, although getting that
to work in stead of the base can be messy.
kern/147454 PR actually has a working fix, although I'm not sure if it
applies cleanly as it's pretty big - I managed to get working GSSAPI
with it on 8.1 PRERELEASE.
See also discussion at
http://lists.freebsd.org/pipermail/freebsd-stable/2010-July/057734.html
-Reko
--------------------------------------------------
From: "LeonMeßner" <[email protected]>
Sent: Wednesday, August 25, 2010 7:04 PM
To: <[email protected]>
Subject: openldap-sasl fails after 8.1 upgrade
Hi,
after binary upgrading to freebsd8.1 from 7.2 i encounter an error
with openldap24, cyrus-sasl2 and kerberos:
# ldapsearch uid=whatever
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
error (80)
additional info: SASL(-1): generic failure: GSSAPI Error: No
credentials were supplied, or the credentials were unavailable or
inaccessible. (unknown mech-code 0 for mech unknown)
Simple binding to the ldap server does work. The KDC behind this is
still on kerberos 0.6.3 (FreeBSD7.3) and there have been reported
Problems with such a setup, but as i can login through ssh and
kerberos
i suppose these [1] don't apply here (also already tested the
proposed
changes).
If anybody got any insight please share.
Thanks in Advance,
Leon
[1]
http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052217.html
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
