Quoting Karen R McArthur <[EMAIL PROTECTED]>:

> Passwords are stored in the kerberos database.

> All passwords in ldap 
> are set to [EMAIL PROTECTED] (I've also tried 
> [EMAIL PROTECTED]).

These are two different things. Either you have the password in the LDAP
database, or you don't. If you use the {SASL} ({KERBEROS} is deprecated,
and no longer available - {SASL} supersedes it), then what you're
saying is "Talk to SASL for verifying this password". In (Cyrus) SASL
you can have a multitude of ways of storing passwords - Kerberos is
just one of them...

> All ldap "People" have a kerberos record and also the "krb5Principal" 
> objectClass.

This is, strictly speaking, not _required_. Mainly (?) used to simplify ACL/ACI
writing...

> Is this an ldap configuration issue?  Or is it kerberos?  Any ideas 
> would be greatly appreciated!

If I could venture a guess (without looking/knowing exactly
how you've configured the systems), I'd say it's solely a
(Cyrus) SASL problem...

Do you run the 'saslauthd' on the LDAP server? Is it configured
correctly? Are you _running_ it correctly?


If you use Kerberos, then you'd need the '-a kerberos5' option...
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
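
Added example, not part of the original message: a small Python audit that reads an LDIF export and reports, for each entry, whether `userPassword` hands verification to SASL with `{SASL}`, still carries the deprecated `{KERBEROS}` scheme, or holds a value stored in LDAP itself. The DNs, realm and password values in the sample are constructed, and the verdict labels are this example's own.

```python
import base64
import re

# Constructed sample LDIF export; none of these entries come from the thread.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword: {SASL}alice@EXAMPLE.COM",
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    # ldapsearch usually prints userPassword base64-encoded ("::" form).
    "userPassword:: " + base64.b64encode(b"{KERBEROS}bob@EXAMPLE.COM").decode(),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword: {SSHA}constructedHashValue",
])

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")


def classify(value):
    """Map one userPassword value to (scheme, verdict)."""
    m = SCHEME_RE.match(value)
    if not m:
        return ("(none)", "stored")       # no prefix: value lives in LDAP as-is
    scheme = m.group(1).upper()
    if scheme == "SASL":
        return (scheme, "delegated")      # slapd asks SASL (e.g. saslauthd)
    if scheme == "KERBEROS":
        return (scheme, "deprecated")     # superseded by {SASL}
    return (scheme, "stored")             # hash kept in the LDAP database


def audit(ldif):
    """Return {dn: (scheme, verdict)} for every userPassword in LDIF text."""
    results, dn = {}, None
    # Unfold LDIF continuation lines (a newline followed by one space).
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        lower = line.lower()
        if lower.startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif lower.startswith("userpassword:"):
            raw = line[len("userPassword:"):]
            if raw.startswith(":"):       # "::" means base64-encoded value
                value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            else:
                value = raw.strip()
            results[dn] = classify(value)
    return results


if __name__ == "__main__":
    for entry, verdict in audit(SAMPLE_LDIF).items():
        print(entry, verdict)
```

Entries reported as "delegated" depend on saslauthd running on the LDAP server with the mechanism the reply mentions (`-a kerberos5`).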
