Re: OpenLDAP / SASL / Heimdal

[sam <samwun@hgcbroadband.com>]

Love wrote:

>Andreas Haupt <andreas.haupt@hmi.de> writes:
>
>  
>
>>Hello,
>>
>>I'm trying to setup OpenLDAP with SASL2 and Heimdal. When trying to 
>>authenticate I get the following error in the log files:
>>
>>2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for ldap/
>>dice.hmi.de@HMI.DE
>>2004-06-07T11:43:01 TGS-REQ blh@HMI.DE from IPv4:134.30.5.92 for ldap/
>>dice.hmi.de@HMI.DE
>>2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects 
>>request
>>2004-06-07T11:43:01 Decoding transited encoding: KDC policy rejects 
>>request
>>2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
>>2004-06-07T11:43:01 sending 115 bytes to IPv4:134.30.5.92
>>
>>I don't have a clue what this means and how I can avoid the problem... 
>>Heimdal server is version 0.6 (SuSE 9.0).
>>    
>>
>
>Can you but a breakpoint in krb5_domain_x500_decode() and print out the
>second argument tr (and that data stored in tr->data) ?
>
>If you don't know how to do this, I can send you the options you should
>build heimdal with and the commands in gdb.
>
>Can you try to build heimdal-0.6.2 yourself and see if you still have the
>problem ?
>
>Love
>
>  
>
I dont' know if it is good idea to use 0.6.2, becuase it might have 
changed the encryption method which is different from 0.6. I had a 
nightmare after upgraded to 0.6.2 which caused the connection request 
fail because incompatible encryption key or something like that....