/usr/lib/gss/gl/mech_krb5.so
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Mon Feb 14 16:12:16 EST 2005
coady wrote:
> Both the LDAP cient and Kerboros server are running Solaris 8.
> Sun Directory server 5.2.
>
> bash-2.03# klist -ef
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: testadmin/admin at example.com
>
> Valid starting Expires Service principal
> 02/14/05 09:30:57 02/14/05 19:30:57 krbtgt/example.com at example.com
> renew until 02/14/05 09:30:57, Flags: RI
> Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple
> DES cbc mode with HMAC/sha1
OK, this means you are using the MIT Kerberos and not the
Solaris SEAM packages (Solaris 8 SEAM does not recognized 3DES).
However, your "ldapsearch" command is trying to use the Solaris GSSAPI
implementation and will not work with MIT.
If you want to stick with MIT, then you will also need to find LDAP and SASL
tools that work with MIT and not with the native Solaris GSSAPI library
or figure out if the SunDS ldap tools can be configured to use the MIT
GSSAPI library instead of native Solaris.
-Wyllys
More information about the Kerberos
mailing list