SASL authentication

Henry B. Hotz hotz at jpl.nasa.gov
Mon Mar 16 17:33:45 EDT 2009


This is not the right list.  I'd recommend an OpenLDAP list.  (I'd be  
more specific, but I'm not active in that community.)

That said, I've heard that a Windows DC will not accept an  
authenticated bind except over SSL/TLS.  Period.  Regardless of  
whether a SASL security layer is negotiated or not.  If that's not it,  
then I'm sorry I can't help.

On Mar 16, 2009, at 12:13 PM, krbdev-request at mit.edu wrote:

> Message: 1
> Date: Mon, 16 Mar 2009 16:03:15 +0800
> From: "Xu, Qiang (FXSGSC)" <Qiang.Xu at fujixerox.com>
> Subject: SASL authentication
> To: "kerberos at mit.edu" <kerberos at mit.edu>, "krbdev at mit.edu"
> 	<krbdev at mit.edu>
> Message-ID:
> 	<D8C9BC7FFCF8154FB7141EB8DB609C1727083C67A4 at SGPAPHQ-EXSCC01.dc01.fujixerox.net 
> >
> 	
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi, all:
>
> I am trying to do LDAP SASL binding to ADS in Windows 2003 server,  
> which is where KDC resides at the same time.
>
> Unfortunately, an error is confusing me:
> ==============================================
> <apManager> (Fri Mar 13 2009 13:34:19.846) <p8124,t3078597536,aba_ldap_interface.c,2373>
>     INFO>> SASL Login
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2388>
>     INFO>> SASL LDAP BIND with GSSAPI: Value of ldapStatus 82
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2459>
>    ERROR>> LDAP BIND: Value of ldap failure status and text 82 Local error
> ==============================================
> Using klist, it is verified that a Kerberos ticket exists and has  
> not expired. Besides this, what else should be done at the server's  
> end, or at the client's end? Any set-up issue? (the client has SASL  
> library and its GSSAPI plugin in place, already)
>
> Looking forward to help,
> Xu Qiang

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu





