"Daniel B. Thurman" <dant@xxxxxxxxx> wrote:
> Since for LDAP, I am using a different keytab at /etc/openldap/ldap.keytab,
> I have added the KRB5_KTNAME variable to the /etc/sysconfig/ldap file,
> which to note, does not exists as a default file, which is not a big deal.
>
> I did check to see if the KRB5_KTNAME variable was slurped into the
> /etc/init.d/ldap script and so far it appears to be there all the way through
> to the exec command - so I cannot see why the exec in the script does
> not allow ldap/SASL to work the same manner that I run manually from
> the command line as root user, which works.
>
> Can anyone tell me what might be going on in the
> off-chance that I am doing something wrong? :-)
Did you say "export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab"?
^^^^^
Is the keytab file readable by the ldap user?
-- Steve Bonneville
