Bug 44283 - kerberos auth for ldapsearch not working
kerberos auth for ldapsearch not working
Status: RESOLVED DUPLICATE of bug 43732
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-04 13:58 CEST by Timo Denissen
Modified: 2018-04-14 13:43 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Timo Denissen univentionstaff 2017-04-04 13:58:37 CEST
Since UCS 4.2, ldapsearch does not work with a kerberos ticket anymore:
test.benutzer@my:~$ ldapsearch uid=test.benutzer
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error:  An unsupported mechanism was requested (unknown mech-code 0 for mech unknown)
test.benutzer@my:~$ kinit
test.benutzer@LITTLE.PONY's Password: 
test.benutzer@my:~$ klist
Credentials cache: FILE:/tmp/krb5cc_2006
        Principal: test.benutzer@LITTLE.PONY

  Issued                Expires               Principal
Apr  4 13:53:46 2017  Apr  4 23:53:44 2017  krbtgt/LITTLE.PONY@LITTLE.PONY
test.benutzer@my:~$ ldapsearch uid=test.benutzer
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
	additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_canonicalize_name

System is up to date with the latest packages.
Comment 1 Erik Damrose univentionstaff 2017-04-04 14:01:27 CEST
use -Y GSSAPI as parameter for ldapsearch

*** This bug has been marked as a duplicate of bug 43732 ***