I am using OpenLDAP's ldapsearch tool, in conjunction with Cyrus SASL and MIT Kerberos 5. The tool allows me to do LDAP queries against a Microsoft PDC, assuming that I have first obtained the ticket from the Microsoft KDC. It works great, except for one problem...

My DNS server has two entries for my PDC/KDC. The two entries are:

    gem-pdc.gem.company.com -> 192.168.10.87
    gem-pdc                 -> 192.168.10.87

A reverse DNS lookup on the IP will return either of the host names. I guess that either SASL or Kerberos does a reverse DNS lookup based on the IP. When the non-FQDN host name is returned, my LDAP/SASL/Kerberos gives the following error:

    added plugin '/usr/lib/sasl/libgssapiv2.so'
    mech list from server is GSSAPI GSS-SPNEGO
    Considering mech GSSAPI
    Best mech so far: GSSAPI
    Considering mech GSS-SPNEGO
    sasl_gss_client_step: AUTHNEG
    Trying to get userid
    SASL/GSSAPI authentication started
    sasl_gss_client_step: AUTHNEG
    Trying to get userid
    Userid: -C
    name: ldap@gem-pdc
    ldap_sasl_interactive_bind_s: Local error

I traced down the error to the Kerberos function "gss_import_name", which is being called from the SASL function sasl_gss_client_step. This problem only happens when the non-FQDN KDC name is returned from DNS.

Is this a Kerberos or SASL problem? Does anyone know how to resolve it (without changing my DNS)?

Thanks,
Dave

________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
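As an added example (not code from Dave's post, nor from OpenLDAP, Cyrus SASL or MIT Kerberos), the following Python models the situation described above: a client that builds its host-based GSSAPI service name from a reverse DNS lookup of the KDC/PDC address. The PTR and A data are constructed from the two entries in the post, the lookup functions are injectable so the module runs offline, and `canonical_host()` applies the check a practitioner would want before trusting a reverse-lookup result: the name must be fully qualified and must resolve back to the same address (forward-confirmed reverse DNS).

```python
"""Show which GSSAPI service name a client derives from a reverse DNS lookup.

Added example; not code from the original post or from OpenLDAP, Cyrus SASL
or MIT Kerberos. It models the DNS setup described in the post: one PDC/KDC
address whose PTR data yields both an FQDN and a bare host name. The DNS
tables below are constructed; the lookup functions are injectable so the
module runs offline, and default to the real socket calls otherwise.
"""
import socket
from typing import Callable, List, Optional, Tuple

# Constructed stand-in for the DNS server in the post. The bare name is
# listed first to model the case where the non-FQDN PTR answer comes back.
CONSTRUCTED_PTR = {
    "192.168.10.87": ("gem-pdc", ["gem-pdc.gem.company.com"], ["192.168.10.87"]),
}
CONSTRUCTED_A = {
    "gem-pdc.gem.company.com": ["192.168.10.87"],
    "gem-pdc": ["192.168.10.87"],
}

# Same shapes as socket.gethostbyaddr(ip) and socket.gethostbyname_ex(name)[2].
ReverseLookup = Callable[[str], Tuple[str, List[str], List[str]]]
ForwardLookup = Callable[[str], List[str]]


def constructed_reverse(ip: str) -> Tuple[str, List[str], List[str]]:
    """Offline replacement for socket.gethostbyaddr backed by CONSTRUCTED_PTR."""
    try:
        return CONSTRUCTED_PTR[ip]
    except KeyError:
        raise socket.herror(1, "Unknown host") from None


def constructed_forward(name: str) -> List[str]:
    """Offline replacement for the address list of socket.gethostbyname_ex."""
    try:
        return CONSTRUCTED_A[name.rstrip(".").lower()]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known") from None


def real_forward(name: str) -> List[str]:
    return socket.gethostbyname_ex(name)[2]


def is_fqdn(name: str) -> bool:
    """True when the name has at least two non-empty labels.

    A bare name such as 'gem-pdc' fails this test; that is the shape of the
    name in the failing 'name: ldap@gem-pdc' line of the post.
    """
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)


def candidate_names(ip: str, reverse: ReverseLookup) -> List[str]:
    """All names the reverse lookup offers for ip, primary first, de-duplicated."""
    primary, aliases, _addrs = reverse(ip)
    names: List[str] = []
    for raw in [primary, *aliases]:
        name = raw.rstrip(".").lower()
        if name and name not in names:
            names.append(name)
    return names


def forward_confirmed(name: str, ip: str, forward: ForwardLookup) -> bool:
    """Forward-confirmed reverse DNS: the name must resolve back to ip."""
    try:
        return ip in forward(name)
    except OSError:
        return False


def canonical_host(ip: str, reverse: ReverseLookup = socket.gethostbyaddr,
                   forward: ForwardLookup = real_forward) -> Optional[str]:
    """The first fully qualified, forward-confirmed name for ip, or None."""
    for name in candidate_names(ip, reverse):
        if is_fqdn(name) and forward_confirmed(name, ip, forward):
            return name
    return None


def gssapi_service_name(service: str, host: str) -> str:
    """Host-based service name in the form the SASL debug output prints."""
    return f"{service}@{host}"


def diagnose(ip: str, service: str = "ldap",
             reverse: ReverseLookup = socket.gethostbyaddr,
             forward: ForwardLookup = real_forward) -> dict:
    """Summarise what a client keyed on reverse DNS would do for this address."""
    names = candidate_names(ip, reverse)
    unqualified = [n for n in names if not is_fqdn(n)]
    chosen = canonical_host(ip, reverse, forward)
    return {
        "ptr_names": names,
        "unqualified": unqualified,
        "would_fail_as": [gssapi_service_name(service, n) for n in unqualified],
        "service_name": gssapi_service_name(service, chosen) if chosen else None,
    }


if __name__ == "__main__":
    report = diagnose("192.168.10.87", reverse=constructed_reverse,
                      forward=constructed_forward)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the constructed data, `diagnose()` reports `ldap@gem-pdc` as the name the client would fail on and `ldap@gem-pdc.gem.company.com` as the usable one; called with the default lookups it does the same for a real address. The point for a defender is that a name derived from the PTR record is untrusted input, so a client should either be handed the FQDN explicitly or qualify and forward-confirm the reverse result before it becomes a service principal; modern MIT krb5 also lets `rdns = false` in the `[libdefaults]` section of krb5.conf disable the reverse lookup altogether.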
