Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Added ticket renewal cronjob - now getting error: webauthldap(): ldap_sasl_interactive_bind_s: Local error (-2)

Russ Allbery eagle at
Wed Sep 14 15:42:44 PDT 2011

Fletcher Cocquyt <fcocquyt at> writes:

> Our developer was complaining the ldap ticket was expiring too soon so I
> added a cronjob to renew once per hour :

The ticket cache used by mod_webauthldap is an internal implementation
detail that really shouldn't be used by anything outside of the WebAuth
Apache modules.  If you want to use the same principal for another
purpose, it's best to generate a completely separate ticket cache from the
same keytab and point other code at that.

> 4 * * * *  /usr/local/bin/k5start -f /etc/httpd/conf/webauth/keytab -k /tmp/
> service-apache.tkt -v ­U

> And while the /tmp/service-apache.tkt is updating with the cronjob, the
> webapp is now logging:
> [Wed Sep 14 14:06:17 2011] [error] webauthldap(fcocquyt):
> ldap_sasl_interactive_bind_s: Local error (-2)

I suspect k5start is generating it with the wrong permissions.

Russ Allbery <eagle at>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University

More information about the webauth-info mailing list