Wyllys Ingersoll wyllys.ingersoll at sun.com
Mon Feb 14 16:12:16 EST 2005

coady wrote:

> Both the LDAP cient and Kerboros server are running Solaris 8.
> Sun Directory server 5.2.
> bash-2.03# klist -ef
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: testadmin/admin at example.com
> Valid starting     Expires            Service principal
> 02/14/05 09:30:57  02/14/05 19:30:57  krbtgt/example.com at example.com
>         renew until 02/14/05 09:30:57, Flags: RI
>         Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple 
> DES cbc mode with HMAC/sha1

OK, this means you are using the MIT Kerberos and not the
Solaris SEAM packages (Solaris 8 SEAM does not recognized 3DES).

However, your "ldapsearch" command is trying to use the Solaris GSSAPI
implementation and will not work with MIT.

If you want to stick with MIT, then you will also need to find LDAP and SASL
tools that work with MIT and not with the native Solaris GSSAPI library
or figure out if the SunDS ldap tools can be configured to use the MIT
GSSAPI library instead of  native Solaris.


More information about the Kerberos mailing list