Excerpts from Rich Megginson's message of Fri Oct 08 18:59:52 -0400 2010:
> Try running with the SHELL (1024) debug error log level. This should
> give more information about the principal, keytab, etc. that directory
> server is using.
More logs:
[09/Oct/2010:04:29:48 -0400] - Listening on /var/run/dirsrv/slapd-scripts.socket for LDAPI
requests
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - Success: set up conn to
[better-mousetrap.mit.edu:389]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - The default credentials cache
[FILE:/tmp/krb5cc_485] not found: will create a new one.
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - configpluginpath == NULL
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - Success: set up conn to
[whole-enchilada.mit.edu:389]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using principal named
[ldap/old-faithful.mit.edu@ATHENA.MIT.EDU]
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - Success: set up conn to
[cats-whiskers.mit.edu:389]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - The default credentials cache
[FILE:/tmp/krb5cc_485] not found: will create a new one.
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using principal named
[ldap/old-faithful.mit.edu@ATHENA.MIT.EDU]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - The default credentials cache
[FILE:/tmp/krb5cc_485] not found: will create a new one.
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using principal named
[ldap/old-faithful.mit.edu@ATHENA.MIT.EDU]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using keytab named
[WRFILE:/etc/dirsrv/keytab]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using keytab named
[WRFILE:/etc/dirsrv/keytab]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using keytab named
[WRFILE:/etc/dirsrv/keytab]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Generated new memory ccache
[MEMORY:N0KZtwJ]
[09/Oct/2010:04:29:48 -0400] show_cached_credentials - Ticket cache: MEMORY:N0KZtwJ
Default principal: ldap/old-faithful.mit.edu@ATHENA.MIT.EDU
[09/Oct/2010:04:29:48 -0400] show_one_credential - Kerberos credential: client
[ldap/old-faithful.mit.edu@ATHENA.MIT.EDU] server [krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU]
start time [Sat Oct 9 04:30:00 2010] end time [Sun Oct 10 01:45:00 2010] renew time [Sun
Oct 10 04:29:49 2010] flags [0x50c00000]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Set new env for ccache:
[KRB5CCNAME=MEMORY:N0KZtwJ]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Generated new memory ccache
[MEMORY:fyHs1On]
[09/Oct/2010:04:29:48 -0400] show_cached_credentials - Ticket cache: MEMORY:fyHs1On
Default principal: ldap/old-faithful.mit.edu@ATHENA.MIT.EDU
[09/Oct/2010:04:29:48 -0400] show_one_credential - Kerberos credential: client
[ldap/old-faithful.mit.edu@ATHENA.MIT.EDU] server [krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU]
start time [Sat Oct 9 04:30:00 2010] end time [Sun Oct 10 01:45:00 2010] renew time [Sun
Oct 10 04:29:49 2010] flags [0x50c00000]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Set new env for ccache:
[KRB5CCNAME=MEMORY:fyHs1On]
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Generated new memory ccache
[MEMORY:aIeSCnz]
[09/Oct/2010:04:29:48 -0400] show_cached_credentials - Ticket cache: MEMORY:aIeSCnz
Default principal: ldap/old-faithful.mit.edu@ATHENA.MIT.EDU
[09/Oct/2010:04:29:48 -0400] show_one_credential - Kerberos credential: client
[ldap/old-faithful.mit.edu@ATHENA.MIT.EDU] server [krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU]
start time [Sat Oct 9 04:30:00 2010] end time [Sun Oct 10 01:45:00 2010] renew time [Sun
Oct 10 04:29:49 2010] flags [0x50c00000]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Set new env for ccache:
[KRB5CCNAME=MEMORY:aIeSCnz]
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
> What is the platform? Are you using a newer version of kerberos?
Fedora 13. We have the latest version of Kerberos with one custom patch:
Name : krb5-libs
Arch : x86_64
Version : 1.7.1
Release : 14.fc13.scripts.1671
Size : 1.7 M
Repo : installed
From repo : scripts
Summary : The shared libraries used by Kerberos 5
URL : http://web.mit.edu/kerberos/www/
License : MIT
Description : Kerberos is a network authentication system. The krb5-libs package
: contains the shared libraries needed by Kerberos 5. If you are using
: Kerberos, you need to install this package.
that modifies src/lib/krb5/os/kuserok.c (which was not in the backtrace).
http://scripts.mit.edu/trac/browser/branches/fc13-dev/server/common/patch...
Cheers,
Edward