Using Heimdal Kerberos with OpenLDAP and Windows


Up until recently, I have been using OpenLDAP's
ldapsearch tool with MIT Kerberos to do secure LDAP
queries against Active Directory. This has worked
fine. However, recently I decided to switch to Heimdal
Kerberos. I recompiled Cyrus SASL and OpenLDAP with
Heimdal Kerberos with no problems. When I now run my
query though (after doing a kinit), I get this error:

ldap_sasl_interactive_bind_s: Local error (82)
        additional info: SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (KDC has no support for checksum type)

I can see on my network that Heimdal is sending out a
TGS-REQ, and my Windows KDC is responding with the
error KRB5KDC_ERR_SUMTYPE_NOSUPP. My guess is that I
need to put something special in my Heimdal krb5.conf
file to make this work. Any suggestions?

As a side note, when using ldapsearch with MIT
Kerberos authentication, there is no explicit TGS-REQ
made that I can see on the network. ldapsearch just
goes immediately into its bind process (via Cyrus


