Kerberos / SASSL / OpenLDAP: GSSAPI error: Unconfirmed GSS failure. A minor code may provide additional information ()

Question

Kerberos / SASSL / OpenLDAP: GSSAPI error: Unconfirmed GSS failure. A minor code may provide additional information ()

I am creating openLDAP with SASL authentication using kerberos. I have a problem with this auth.

Firstly, I get a kerberos ticket with kinit. When I do klist, the ticket is displayed. So no problem. But when I try to do ldapwhoami. I got an error message:

[hue@sandbox ~]$ kdestroy

[hue@sandbox ~]$ kinit vishnu
Password for vishnu@MORTO.COM:

[hue@sandbox ~]$ klist
Ticket cache: _FILE:/tmp/krb5cc_1007
Default principal: vishnu@MORTO.COM

Valid starting     Expires            Service principal
05/29/14 06:42:52  05/29/14 16:42:52  krbtgt/MORTO.COM@MORTO.COM
        renew until 06/05/14 06:42:48
05/29/14 06:42:57  05/29/14 16:42:52  ldap/morto.com@MORTO.COM
        renew until 06/05/14 06:42:48

[hue@sandbox ~]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information ()

I do not know where to look. Please help me.

+4

ldap kerberos gssapi sasl openldap

Voulzy May 29 '14 at 14:43

source share

1 answer

BeeJee · Answer 1 · 2014-06-03T12:16:38+0000

. , - keytab.

, /etc/openldap/ldap.keytab root, ldap. KPB5_KTNAME slapd (/etc/sysconfig/ldap red hat 6)

Kerberos / SASSL / OpenLDAP: GSSAPI error: Unconfirmed GSS failure. A minor code may provide additional information ()

More articles: