SASL authentication

Xu, Qiang (FXSGSC) Qiang.Xu at fujixerox.com
Mon Mar 23 01:56:56 EDT 2009


> -----Original Message-----
> From: Douglas E. Engert [mailto:deengert at anl.gov] 
> Sent: Saturday, March 21, 2009 3:05 AM
> To: Xu, Qiang (FXSGSC)
> Cc: Michael Ströder; kerberos at mit.edu
> Subject: Re: SASL authentication
> 
> You need to use the FQDN of the server, not the IP number. 
> GSSAPI/Kerberos use the FQDN to derive the principal name.

As you suggested, I use the following expressions:
==========================================
qxu@durian(pts/3):/etc[19]$ ldapsearch -Y GSSAPI -H 'ldap://sesswin2003.sesswin2003.com' -b 'dc=sesswin2003,dc=com' -s sub -LLL 'cn=qxu' mail
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
==========================================
The domain name is "sesswin2003.com", the host name is "sesswin2003". Thus the FQDN in the expression is "sesswin2003.sesswin2003.com". But the result seems worse. 

Did I miss anything?

Thank you, Doug!
Xu Qiang
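
The quoted advice above says GSSAPI/Kerberos derive the service principal from the server's FQDN. The following sketch is an added example, not part of the original message: it shows which `ldap/<host>` name a given `-H` URI implies and rejects an IP literal or short name before any bind is attempted. The function name `gssapi_target` and the `canonicalize` hook are hypothetical, the realm is omitted because it comes from the client's Kerberos configuration, and `192.0.2.10` and the `example.test` names are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def gssapi_target(uri, service="ldap", canonicalize=None):
    """Return (principal_without_realm, port) implied by an LDAP URI.

    canonicalize is a hypothetical hook (hostname -> canonical name) standing
    in for any DNS canonicalization the client library performs; by default
    the name written in the URI is used unchanged.
    """
    parts = urlsplit(uri)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URI has no host part")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, so it can name a service principal
    else:
        raise ValueError(f"{host} is an IP address; use the server's FQDN")
    if canonicalize is not None:
        host = canonicalize(host)
    host = host.rstrip(".").lower()
    if "." not in host:
        raise ValueError(f"{host!r} is not fully qualified")
    return f"{service}/{host}", parts.port or DEFAULT_PORTS[parts.scheme]


if __name__ == "__main__":
    # The first URI is the one from the message; the second is constructed.
    for uri in ("ldap://sesswin2003.sesswin2003.com", "ldap://192.0.2.10"):
        try:
            print(uri, "->", gssapi_target(uri))
        except ValueError as err:
            print(uri, "-> rejected:", err)
```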