Re: ldap.sasl.gssapi example?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Here's the complete scoop:

marlin [~/src/mod/python/users](SHARK)(90)> rpm -qi krb5-workstation
Name        : krb5-workstation             Relocations: (not relocateable=
)
Version     : 1.2.7                             Vendor: (none)
Release     : 14                            Build Date: Wed 13 Aug 2003=20
03:33:05 PM PDT
Install Date: Thu 25 Mar 2004 09:36:58 AM PST      Build Host:=20
tuna.anim.dreamworks.com
Group       : System Environment/Base       Source RPM:=20
krb5-1.2.7-14.src.rpm
Size        : 1229404                          License: MIT, freely=20
distributable.
Signature   : DSA/SHA1, Wed 12 Nov 2003 01:33:16 PM PST, Key ID=20
c4e64780ae5317ff
URL         : http://web.mit.edu/kerberos/www/
Summary     : Kerberos 5 programs for use on workstations.
Description :
Kerberos is a network authentication system. The krb5-workstation
package contains the basic Kerberos programs (kinit, klist, kdestroy,
kpasswd) as well as kerberized versions of Telnet and FTP. If your
network uses Kerberos, this package should be installed on every
workstation.
marlin [~/src/mod/python/users](SHARK)(91)> rpm -qi cyrus-sasl
Name        : cyrus-sasl                   Relocations: (not relocateable=
)
Version     : 2.1.15                            Vendor: Red Hat, Inc.
Release     : 3                             Build Date: Thu 21 Aug 2003=20
12:27:29 PM PDT
Install Date: Thu 25 Mar 2004 09:38:29 AM PST      Build Host:=20
daffy.perf.redhat.com
Group       : System Environment/Libraries   Source RPM:=20
cyrus-sasl-2.1.15-3.src.rpm
Size        : 534045                           License: Freely Distributa=
ble
Signature   : DSA/SHA1, Wed 24 Sep 2003 11:11:29 AM PDT, Key ID=20
219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://asg.web.cmu.edu/sasl/sasl-library.html
Summary     : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
marlin [~/src/mod/python/users](SHARK)(92)> kinit --no-addresses
kinit: invalid option -- -
kinit: invalid option -- n
kinit: invalid option -- o
kinit: invalid option -- -
kinit: invalid option -- a
kinit: invalid option -- d
kinit: invalid option -- d
Bad lifetime value esses
Usage: kinit [-5] [-4] [-V] [-l lifetime] [-s start_time]
         [-r renewable_life] [-f | -F] [-p | -P] [-A]
         [-v] [-R] [-k [-t keytab_file]]
         [-c cachename] [-S service_name] [principal]

     options:                                          valid with Kerbero=
s:
         -5 Kerberos 5 (available)
         -4 Kerberos 4 (available)
            (Default behavior is to try Kerberos 5)
         -V verbose                                        Either 4 or 5
         -l lifetime                                       Either 4 or 5
         -s start time                                     5
         -r renewable lifetime                             5
         -f forwardable                                    5
         -F not forwardable                                5
         -p proxiable                                      5
         -P not proxiable                                  5
         -A do not include addresses                       5
         -v validate                                       5
         -R renew                                          5, or both 5=20
and 4
         -k use keytab                                     5, or both 5=20
and 4
         -t filename of keytab to use                      5, or both 5=20
and 4
         -c Kerberos 5 cache name                          5
         -S service                                        5, or both 5=20
and 4
marlin [~/src/mod/python/users](SHARK)(93)> kinit -A
Password for gdo...@AN...:
marlin [~/src/mod/python/users](SHARK)(94)> python sasl
sasl_bind.py~  sasl_bind.py
marlin [~/src/mod/python/users](SHARK)(94)> python sasl_bind.py
******************** GSSAPI ********************
*** ldap://etzadaat.anim.dreamworks.com:389/ -=20
SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ -=20
SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ -=20
SimpleLDAPObject.sasl_interactive_bind_s (('', <ldap.sasl.sasl instance=20
at 0xb6e8110c>, None, None),{})
Error using SASL mechanism  GSSAPI {'desc': 'Local error'} (<class=20
ldap.LOCAL_ERROR at 0xb73fa4dc>, <ldap.LOCAL_ERROR instance at=20
0xb6e811ec>, <traceback object at 0xb6e85f54>)
   File "sasl_bind.py", line 72, in ?
     l.sasl_interactive_bind_s("", sasl_auth)
   File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py",=20
line 196, in sasl_interactive_bind_s
     return=20
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,serverctrls,clie=
ntctrls)
   File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py",=20
line 94, in _ldap_call
     result =3D func(*args,**kwargs)
*** ldap://etzadaat.anim.dreamworks.com:389/ -=20
SimpleLDAPObject.unbind_ext ((None, None),{})

Michael Str=F6der wrote:
> Gavin Doughtie wrote:
>=20
>> OK, here's the result from running my modified sasl_bind.py (below):
>>
>> marlin [~/src/mod/python/users](SHARK)(55)> kinit
>> Password for gdo...@AN...:
>=20
>=20
> Could you please try with
>=20
> kinit --no-addresses
>=20
>> Error using SASL mechanism  GSSAPI {'desc': 'Local error'}
>=20
>=20
> Hmm, really no 'info' field?
>=20
> What Kerberos lib are you using?
>=20
> I'm using heimdal 0.6 and cyrus-sasl 2.1.15 shipped with my SuSE 9.0=20
> system.
>=20
> If anything goes wrong there's a message in the 'info' field containing=
=20
> also Kerberos-related text.
>=20
> Ciao, Michael.

--=20
Gavin Doughtie
DreamWorks SKG
(818) 695-3821