[30909] in Kerberos
RE: SASL authentication
daemon@ATHENA.MIT.EDU (Xu, Qiang (FXSGSC))
Mon Mar 23 01:58:02 2009
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
To: "Douglas E. Engert" <deengert@anl.gov>
Date: Mon, 23 Mar 2009 13:56:56 +0800
Message-ID: <D8C9BC7FFCF8154FB7141EB8DB609C1729054437AE@SGPAPHQ-EXSCC01.dc01.fujixerox.net>
In-Reply-To: <49C3E8EE.8040805@anl.gov>
Cc: Michael Ströder <michael@stroeder.com>,
"kerberos@mit.edu" <kerberos@mit.edu>
> -----Original Message-----
> From: Douglas E. Engert [mailto:deengert@anl.gov]
> Sent: Saturday, March 21, 2009 3:05 AM
> To: Xu, Qiang (FXSGSC)
> Cc: Michael Ströder; kerberos@mit.edu
> Subject: Re: SASL authentication
>
> You need to use the FQDN of the server, not the IP number.
> GSSAPI/Kerberos use the FQDN to derive the principal name.
As you suggested, I use the following expressions:
==========================================
qxu@durian(pts/3):/etc[19]$ ldapsearch -Y GSSAPI -H 'ldap://sesswin2003.sesswin2003.com' -b 'dc=sesswin2003,dc=com' -s sub -LLL 'cn=qxu' mail
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
==========================================
The domain name is "sesswin2003.com", the host name is "sesswin2003". Thus the FQDN in the expression is "sesswin2003.sesswin2003.com". But the result seems worse.
Did I miss anything?
Thank you, Doug!
Xu Qiang
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
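
A client-side pre-flight check for the two points in this exchange, as an added example that is not part of the original messages: it derives the host-based service principal from the FQDN in the LDAP URI and reports separately whether that name resolves, since a name the client cannot resolve fails before any Kerberos exchange starts. The function names, the `ldap` service name and the stub resolver are assumptions of this example; the URI is the one from the post and `192.0.2.10` is a constructed documentation address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def gssapi_preflight(uri, resolver=socket.getaddrinfo):
    """Return (service_principal, problems) for an LDAP URI used with -Y GSSAPI.

    service_principal is None when no usable name can be derived from the host.
    """
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an ldap:// or ldaps:// URI with a host: {uri!r}")
    host = parts.hostname  # urlsplit lowercases it and strips [] from IPv6
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)

    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, carry on with the name checks
    else:
        return None, [f"{host} is an IP address; GSSAPI needs the server's FQDN"]

    problems = []
    if "." not in host:
        problems.append(f"{host} is a short name, not an FQDN")
    try:
        resolver(host, port)
    except socket.gaierror as exc:
        problems.append(f"{host} does not resolve from this client ({exc.strerror})")
    # Assumption: "ldap" is the service name; the realm is left to the Kerberos library.
    return f"ldap/{host}", problems


def no_such_name(host, port):
    """Constructed stub resolver: behaves like a client with no record for host."""
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    # Runs offline: the stub stands in for DNS so the failure path is visible.
    for uri in ("ldap://sesswin2003.sesswin2003.com", "ldap://192.0.2.10"):
        print(uri, "->", gssapi_preflight(uri, resolver=no_such_name))
```

Called without the `resolver` argument, the function uses the client's real name resolution.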