coady at new.com
Tue Feb 15 15:04:09 EST 2005
Do you know where I could find out how to make the SunDS ldap
tools to be configured to use the MIT GSSAPI library?
Any suggestions would be greatly appreciated.
>> Both the LDAP cient and Kerboros server are running Solaris 8.
>> Sun Directory server 5.2.
>> bash-2.03# klist -ef
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: testadmin/admin at example.com
>> Valid starting Expires Service principal
>> 02/14/05 09:30:57 02/14/05 19:30:57 krbtgt/example.com at example.com
>> renew until 02/14/05 09:30:57, Flags: RI
>> Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple
>> DES cbc mode with HMAC/sha1
>OK, this means you are using the MIT Kerberos and not the
>Solaris SEAM packages (Solaris 8 SEAM does not recognized 3DES).
>However, your "ldapsearch" command is trying to use the Solaris GSSAPI
>implementation and will not work with MIT.
>If you want to stick with MIT, then you will also need to find LDAP
and >SASL tools that work with MIT and not with the native Solaris
GSSAPI >library or figure out if the SunDS ldap tools can be configured
to use >the MIT GSSAPI library instead of native Solaris.
More information about the Kerberos