SASL authentication

Xu, Qiang (FXSGSC) Qiang.Xu at
Mon Mar 23 01:56:56 EDT 2009

> -----Original Message-----
> From: Douglas E. Engert [mailto:deengert at] 
> Sent: Saturday, March 21, 2009 3:05 AM
> To: Xu, Qiang (FXSGSC)
> Cc: Michael Ströder; kerberos at
> Subject: Re: SASL authentication
> You need to use the FQDN of the server, not the IP number. 
> GSSAPI/Kerberos use the FQDN to derive the principal name.

As you suggested, I use the following expressions:
qxu at durian(pts/3):/etc[19]$ ldapsearch -Y GSSAPI -H 'ldap://' -b 'dc=sesswin2003,dc=com' -s sub -LLL 'cn=qxu' mail
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
The domain name is "", the host name is "sesswin2003". Thus the FQDN in the expression is "". But the result seems worse. 

Did I miss anything?

Thank you, Doug!
Xu Qiang

More information about the Kerberos mailing list