SASL authentication
Douglas E. Engert
deengert at anl.gov
Thu Mar 19 21:09:03 EDT 2009
Xu, Qiang (FXSGSC) wrote:
>> -----Original Message-----
>> From: kerberos-bounces at mit.edu
>> [mailto:kerberos-bounces at mit.edu] On Behalf Of Michael Str?der
>> Sent: Wednesday, March 18, 2009 2:34 PM
>> To: kerberos at mit.edu
>> Subject: Re: SASL authentication
>>
>> Did you try command-line option -A when invoking kinit as I
>> suggested in my previous posting? It seems you probably
>> should read a bit more about how Kerberos works especially
>> regarding ticket types. There are tons of docs out there.
>
> Yes, I have tried the option -A. Originally I was using "kinit -f ...". Now I am using "kinit -f -A ...". As far as I know, the option -A is "do not include addresses". I can't see any gain here. After using -A option, the error msg is still "82 Local error" when doing SASL binding.
>
>>From Google, I can only get a small number of materials on how to create a service principal under Windows 2003 Server. But they are all somewhat ambiguous, and I still can't figure out how to create a keytab file for LDAP client's use.
>
Start with:
http://technet.microsoft.com/en-us/library/bb742433.aspx
Then look for ksetup program and 2003.
Also look at Samba for net join and windbind and also look for msktutil.
Solaris has a script to do this
> Thanks,
> Xu Qiang
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list