Broken auth, LDAP dbargs stopped working

Gergely Czuczy gergely.czuczy at harmless.hu
Wed May 13 10:02:38 EDT 2015


Hello,

I have an installation of MIT Kerberos with an OpenLDAP backend, on CentOS6:
krb5-devel-1.10.3-37.el6_6.x86_64
krb5-workstation-1.10.3-37.el6_6.x86_64
krb5-server-ldap-1.10.3-37.el6_6.x86_64
krb5-server-1.10.3-37.el6_6.x86_64

And starting today, for some unknown reason, it started misbehaving.
First, one of the boxes refuses Kerberos authentication, getting the
following error message:
(('Unspecified GSS failure.  Minor code may provide more information', 
851968), ('Success', 100001))
A couple of times, I also got "Wrong principal in request" for the minor 
code, however at this very moment, I cannot reproduce that one.

This is a web application, which worked yesterday. Also, ssh with GSSAPI 
auth works all over the boxes, except for this one, it always falls back 
to PAM.

What's also strange is, I used to store the principals of users and
hosts in LDAP, in their respective entries, under
ou=(users,hosts),dc=..., respectively. Now, whenever I do an addprinc
with -x dn=$dn, the principal is getting added, but it's not showing up
under the entity's LDAP entry.

Clock is in sync, the DNS entries back and forward are properly done.

I'm at a loss, I'm running out of ideas where to look. Could someone
please give me a couple of suggestions, where and what to look for? This
stuff used to work, but for some unknown reason it stopped working.
krb5kdc.log and kadmin.log are silent of any errors, as I've checked.

Thanks in advance,
Gergely


