I've stumbled a bit further, but still can't get the simple tests to work. Realizing that I need to open _two_ shell windows, one to launch the sample-server and the other to launch the sample-client, I can step through the transaction, (1) # @ SHELL #1, "server" /usr/bin/cyrus_sasl_sample_server -s ldap -p 389 -m GSSAPI trying 2, 1, 6 trying 10, 1, 6 socket: Address family not supported by protocol (2) # @ SHELL #2, "client"/usr/bin/cyrus_sasl_sample_client -s ldap -p 389 -m GSSAPI dirsvr.domain.com receiving capability list... recv: {6} GSSAPI GSSAPI please enter an authorization id: (3) # @ SHELL #1, "server" accepted new connection send: {6} GSSAPI (4) # @ SHELL #2, "client" (please enter an authorization id: ) ldap/dirsvr.domain.com (5) # @ SHELL #1, "server" recv: {6} GSSAPI recv: {1} Y recv: {655} `[82]... [0][0][0][A3][82][1]ha[82][1]d0[82][1]`[A0][3][2][1][5][A1][14][1B][ 12]DOMAIN.COM[A2]10/[A0][3][2][1][3][A1](0&[1B][4]ldap[1B][1E]dirsvr .domain.com[A3][82][1][E]0[82][1]...[F0][D9][B2][1]~[9C][D2][FD] starting SASL negotiation: generic failure closing connection (6) # @ SHELL #2, "client"send: {6} GSSAPI send: {1} Y send: {655} `[82]... [0][0][0][A3][82][1]ha[82][1]d0[82][1]`[A0][3][2][1][5][A1][14][1B][ 12]DOMAIN.COM[A2]10/[A0][3][2][1][3][A1](0&[1B][4]ldap[1B][1E]dirsvr .domain.com[A3][82][1][E]0[82][1]...[F0][D9][B2][1]~[9C][D2][FD] authentication failed closing connection Clearly there's some sort of communication occuring, but negotitation/authentication is still failing. Also, I still see the suspect, "socket: Address family not supported by protocol" Searching, I've found an old discussion here, http://www.irbs.net/internet/cyrus-sasl/0402/0070.html that suggests, "you need to create a /usr/lib/sasl2/sample.conf and configure what password verification service it should use as well as additional parameters that come with the pvs you want to use." I've tried various entries in "/usr/lib/sasl2/sample.conf". So far, I've seen no change at all in errors/behavior from above. I am confused by exactly _which_ ".conf" needs to be populated -- as well as what goes in it. Reading @ cyrus-sasl's docs/sysadmin.html, "The default configuration file By default, the Cyrus SASL library reads it's options from /usr/lib/sasl2/App.conf (where "App" is the application defined name of the application). For instance, Sendmail reads it's configuration from "/usr/lib/sasl2/Sendmail.conf" and the sample server application included with the library looks in "/usr/lib/sasl2/sample.conf"." What exactly does "App" is the application defined name of the application? mean? Given that on OpenSuse11, the app is named "cyrus_sasl_sample_server", which do I need? /usr/lib/sasl2/slapd.conf /usr/lib/sasl2/sample.conf or, /usr/lib/sasl2/cyrus_sasl_sample_server.conf And, on my system, find /usr -type d | grep sasl | grep lib /usr/lib64/sasl2 So should any/all of the conf DIRs above be in "/usr/lib64/..." instead of "/usr/lib/..." ? Ric -- Hotel pics, info and virtual tours. Click here to book a hotel online. http://tagline.hushmail.com/fc/Ioyw6h4eRCkvVvofMtoxR0EomX7V7hDNbOcr2Ogs3Islb... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org