ldap.sasl.gssapi example?

Gavin Doughtie gdoughtie at anim.dreamworks.com
Thu Apr 8 19:28:42 CEST 2004


Here's the complete scoop:

marlin [~/src/mod/python/users](SHARK)(90)> rpm -qi krb5-workstation
Name        : krb5-workstation             Relocations: (not relocateable)
Version     : 1.2.7                             Vendor: (none)
Release     : 14                            Build Date: Wed 13 Aug 2003 03:33:05 PM PDT
Install Date: Thu 25 Mar 2004 09:36:58 AM PST      Build Host: tuna.anim.dreamworks.com
Group       : System Environment/Base       Source RPM: krb5-1.2.7-14.src.rpm
Size        : 1229404                          License: MIT, freely distributable.
Signature   : DSA/SHA1, Wed 12 Nov 2003 01:33:16 PM PST, Key ID c4e64780ae5317ff
URL         : http://web.mit.edu/kerberos/www/
Summary     : Kerberos 5 programs for use on workstations.
Description :
Kerberos is a network authentication system. The krb5-workstation
package contains the basic Kerberos programs (kinit, klist, kdestroy,
kpasswd) as well as kerberized versions of Telnet and FTP. If your
network uses Kerberos, this package should be installed on every
workstation.
marlin [~/src/mod/python/users](SHARK)(91)> rpm -qi cyrus-sasl
Name        : cyrus-sasl                   Relocations: (not relocateable)
Version     : 2.1.15                            Vendor: Red Hat, Inc.
Release     : 3                             Build Date: Thu 21 Aug 2003 12:27:29 PM PDT
Install Date: Thu 25 Mar 2004 09:38:29 AM PST      Build Host: daffy.perf.redhat.com
Group       : System Environment/Libraries   Source RPM: cyrus-sasl-2.1.15-3.src.rpm
Size        : 534045                           License: Freely Distributable
Signature   : DSA/SHA1, Wed 24 Sep 2003 11:11:29 AM PDT, Key ID 219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://asg.web.cmu.edu/sasl/sasl-library.html
Summary     : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
marlin [~/src/mod/python/users](SHARK)(92)> kinit --no-addresses
kinit: invalid option -- -
kinit: invalid option -- n
kinit: invalid option -- o
kinit: invalid option -- -
kinit: invalid option -- a
kinit: invalid option -- d
kinit: invalid option -- d
Bad lifetime value esses
Usage: kinit [-5] [-4] [-V] [-l lifetime] [-s start_time]
         [-r renewable_life] [-f | -F] [-p | -P] [-A]
         [-v] [-R] [-k [-t keytab_file]]
         [-c cachename] [-S service_name] [principal]

     options:                                          valid with Kerberos:
         -5 Kerberos 5 (available)
         -4 Kerberos 4 (available)
            (Default behavior is to try Kerberos 5)
         -V verbose                                        Either 4 or 5
         -l lifetime                                       Either 4 or 5
         -s start time                                     5
         -r renewable lifetime                             5
         -f forwardable                                    5
         -F not forwardable                                5
         -p proxiable                                      5
         -P not proxiable                                  5
         -A do not include addresses                       5
         -v validate                                       5
         -R renew                                          5, or both 5 and 4
         -k use keytab                                     5, or both 5 and 4
         -t filename of keytab to use                      5, or both 5 and 4
         -c Kerberos 5 cache name                          5
         -S service                                        5, or both 5 and 4
marlin [~/src/mod/python/users](SHARK)(93)> kinit -A
Password for gdoughtie at ANIM.DREAMWORKS.COM:
marlin [~/src/mod/python/users](SHARK)(94)> python sasl
sasl_bind.py~  sasl_bind.py
marlin [~/src/mod/python/users](SHARK)(94)> python sasl_bind.py
******************** GSSAPI ********************
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.sasl_interactive_bind_s (('', <ldap.sasl.sasl instance at 0xb6e8110c>, None, None),{})
Error using SASL mechanism  GSSAPI {'desc': 'Local error'} (<class ldap.LOCAL_ERROR at 0xb73fa4dc>, <ldap.LOCAL_ERROR instance at 0xb6e811ec>, <traceback object at 0xb6e85f54>)
   File "sasl_bind.py", line 72, in ?
     l.sasl_interactive_bind_s("", sasl_auth)
   File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py", line 196, in sasl_interactive_bind_s
     return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,serverctrls,clientctrls)
   File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
     result = func(*args,**kwargs)
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.unbind_ext ((None, None),{})


Michael Ströder wrote:
> Gavin Doughtie wrote:
> 
>> OK, here's the result from running my modified sasl_bind.py (below):
>>
>> marlin [~/src/mod/python/users](SHARK)(55)> kinit
>> Password for gdoughtie at ANIM.DREAMWORKS.COM:
> 
> 
> Could you please try with
> 
> kinit --no-addresses
> 
>> Error using SASL mechanism  GSSAPI {'desc': 'Local error'}
> 
> 
> Hmm, really no 'info' field?
> 
> What Kerberos lib are you using?
> 
> I'm using heimdal 0.6 and cyrus-sasl 2.1.15 shipped with my SuSE 9.0 
> system.
> 
> If anything goes wrong there's a message in the 'info' field containing 
> also Kerberos-related text.
> 
> Ciao, Michael.

-- 
Gavin Doughtie
DreamWorks SKG
(818) 695-3821




