Mailinglist Archive: opensuse (2740 mails)
[opensuse] Openldap sasl mechanism order problem on OpenSuSE 11
- From: "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>
- Date: Mon, 1 Dec 2008 23:29:44 -0000
- Message-id: <gh1s19$bal$1@xxxxxxxxxxxxx>
I'd like to use GSSAPI as the first sasl authentication mechanism and
digest-md5 as the second method.

Although /etc/sash/slapd.conf has gssapi before digest-md5.

mech_list: gssapi digest-md5 cram-md5 external

I get gssapi as the last in the list of supportedsaslmechanisms

#ldapsearch -H ldap://192.168.1.27 -x -D "CN=Admin,DC=Suse,DC=home" -w password -b "" -s base "supportedsaslmechanisms"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedsaslmechanisms
#
#
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

and a query will force digest-md5 authentication.

#ldapsearch -H ldap://192.168.1.27 -D "CN=Manager,DC=Suse,DC=home" -w Manager00$ -b "" -s base "supportedsaslmechanisms"
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database

If I change /etc/sasl2/slapd.conf to

mech_list: gssapi

I get gssapi to work

#ldapsearch -H ldap://192.168.1.27 -b "" -s base "supportedsaslmechanisms"
SASL/GSSAPI authentication started
SASL username: markus@xxxxxxxxx
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedsaslmechanisms
#
#
dn:
supportedSASLMechanisms: GSSAPI
# search result
search: 5
result: 0 Success
# numResponses: 2
# numEntries: 1

Why is slapd not using the right order?
I use OpenSuse 11.0 with latest patches.

Markus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
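
Added example, not part of the original post: a small Python check that compares the mech_list line with the supportedSASLMechanisms values returned by the rootDSE query, so differences in order and membership are reported explicitly. The sample data is constructed from the output quoted in the post, and the function names are hypothetical.

```python
"""Compare a Cyrus SASL mech_list line with the mechanisms a server
advertises in its rootDSE (ldapsearch LDIF output)."""

# Constructed sample data, copied from the config line and output in the post.
MECH_LIST_CONF = "mech_list: gssapi digest-md5 cram-md5 external\n"
ROOTDSE_LDIF = """\
# extended LDIF
# requesting: supportedsaslmechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
# search result
search: 2
result: 0 Success
"""

def configured_mechs(conf_text):
    """Mechanisms from the mech_list line, upper-cased, in file order."""
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "mech_list":
            return [m.upper() for m in value.split()]
    return []

def advertised_mechs(ldif_text):
    """supportedSASLMechanisms values in the order the server returned them."""
    mechs = []
    for line in ldif_text.splitlines():
        if line.startswith("#"):
            continue  # LDIF comment lines printed by ldapsearch
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "supportedsaslmechanisms":
            mechs.append(value.strip().upper())
    return mechs

def compare(conf_text, ldif_text):
    """Report how the advertised list differs from the configured one."""
    conf, adv = configured_mechs(conf_text), advertised_mechs(ldif_text)
    return {
        "same_order": conf == adv,
        "same_set": set(conf) == set(adv),
        "configured_not_advertised": [m for m in conf if m not in adv],
        "advertised_not_configured": [m for m in adv if m not in conf],
        "first_advertised": adv[0] if adv else None,
    }

if __name__ == "__main__":
    for key, value in compare(MECH_LIST_CONF, ROOTDSE_LDIF).items():
        print(f"{key}: {value}")
```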