SASL authentication

Xu, Qiang (FXSGSC) Qiang.Xu at fujixerox.com
Wed Mar 18 23:33:40 EDT 2009


> -----Original Message-----
> From: kerberos-bounces at mit.edu 
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Michael Str?der
> Sent: Wednesday, March 18, 2009 2:34 PM
> To: kerberos at mit.edu
> Subject: Re: SASL authentication
> 
> Did you try command-line option -A when invoking kinit as I 
> suggested in my previous posting? It seems you probably 
> should read a bit more about how Kerberos works especially 
> regarding ticket types. There are tons of docs out there.

Yes, I have tried the option -A. Originally I was using "kinit -f ...". Now I am using "kinit -f -A ...". As far as I know, the option -A is "do not include addresses". I can't see any gain here. After using -A option, the error msg is still "82 Local error" when doing SASL binding.

>From Google, I can only get a small number of materials on how to create a service principal under Windows 2003 Server. But they are all somewhat ambiguous, and I still can't figure out how to create a keytab file for LDAP client's use.

Thanks,
Xu Qiang



More information about the Kerberos mailing list