SASL authentication

Michael Ströder michael at
Tue Mar 17 08:19:57 EDT 2009

Xu, Qiang (FXSGSC) wrote:
>> -----Original Message-----
>> From: kerberos-bounces at 
>> [mailto:kerberos-bounces at] On Behalf Of Michael Str?der
>> Sent: Monday, March 16, 2009 7:18 PM
>> To: kerberos at
>> Subject: Re: SASL authentication
>> Try with obtaining the TGT with 'kinit -A <principal>'. I 
>> vaguely remember that this solved some problems for me.
> What should the <principle> be? In my case, suppose the user to be authentcated is "qxu", with password "abcdefg".

Something like <username>@<REALM>. E.g. "qxu at MIT.EDU" (without the quotes).

> Btw, from searching the web, it seems "82 Local error" may arises
> from the lacking of a keytab file. But should the keytab file in the
> server, or in the client? How to create a keytab file in Windows
> server 2003?

First try to do a kinit with providing the password. After that you
could try using keytab files (on your LDAP client) if needed in your setup.

Ciao, Michael.

More information about the Kerberos mailing list