Univention Bugzilla – Bug 44283
kerberos auth for ldapsearch not working
Last modified: 2018-04-14 13:43:45 CEST
Since UCS 4.2, ldapsearch does not work with a kerberos ticket anymore: test.benutzer@my:~$ ldapsearch uid=test.benutzer SASL/GSS-SPNEGO authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: An unsupported mechanism was requested (unknown mech-code 0 for mech unknown) test.benutzer@my:~$ kinit test.benutzer@LITTLE.PONY's Password: test.benutzer@my:~$ klist Credentials cache: FILE:/tmp/krb5cc_2006 Principal: test.benutzer@LITTLE.PONY Issued Expires Principal Apr 4 13:53:46 2017 Apr 4 23:53:44 2017 krbtgt/LITTLE.PONY@LITTLE.PONY test.benutzer@my:~$ ldapsearch uid=test.benutzer SASL/GSS-SPNEGO authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_canonicalize_name System is up to date with the latest packages.
use -Y GSSAPI as parameter for ldapsearch *** This bug has been marked as a duplicate of bug 43732 ***