Added ticket renewal cronjob - now getting error: webauthldap(): ldap_sasl_interactive_bind_s: Local error (-2)

Fletcher Cocquyt fcocquyt at stanford.edu
Wed Sep 14 15:48:02 PDT 2011


Yes, it was a permission error preventing apache from reading the ticket
cache.

chown apache /tmp/service-apache.tkt

Resolved this

thanks

On 9/14/11 3:42 PM, "Russ Allbery" <eagle at windlord.stanford.edu> wrote:

> Fletcher Cocquyt <fcocquyt at stanford.edu> writes:
> 
>> Our developer was complaining the ldap ticket was expiring too soon so I
>> added a cronjob to renew once per hour :
> 
> The ticket cache used by mod_webauthldap is an internal implementation
> detail that really shouldn't be used by anything outside of the WebAuth
> Apache modules.  If you want to use the same principal for another
> purpose, it's best to generate a completely separate ticket cache from the
> same keytab and point other code at that.
> 
>> 4 * * * *  /usr/local/bin/k5start -f /etc/httpd/conf/webauth/keytab -k /tmp/service-apache.tkt -v -U
> 
>> And while the /tmp/service-apache.tkt is updating with the cronjob, the
>> webapp is now logging:
>> [Wed Sep 14 14:06:17 2011] [error] webauthldap(fcocquyt):
>> ldap_sasl_interactive_bind_s: Local error (-2)
> 
> I suspect k5start is generating it with the wrong permissions.

-- 
Fletcher Cocquyt
Principal Engineer
Information Resources and Technology (IRT)
Stanford University School of Medicine

Email: fcocquyt at stanford.edu
Phone: (650) 724-7485
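
The failure in this thread (a ticket cache rewritten by cron that the web server user could no longer read) can be caught by a check run after each renewal. The script below is an added example, not code from either poster or from WebAuth; the function name check_ccache and its exit codes are assumptions, and it goes slightly beyond the thread by also rejecting symlinks and group/other permission bits.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: check_ccache PATH USER|UID
# Exit status: 0 = owned by USER and private to that user
#              1 = missing, a symlink, or not a regular file
#              2 = owned by a different (or unknown) user
#              3 = group/other permission bits are set
#              4 = owner has no read permission
check_ccache() {
    cache=$1
    want=$2
    # A fixed name under /tmp can be pre-created by another local user,
    # so a symlink is treated as a failure rather than followed.
    if [ -L "$cache" ] || [ ! -f "$cache" ]; then
        return 1
    fi
    # Accept either a user name or a numeric uid.
    case $want in
        ''|*[!0-9]*) want_uid=$(id -u "$want" 2>/dev/null) || return 2 ;;
        *)           want_uid=$want ;;
    esac
    # GNU stat first, BSD stat as fallback; both print "<uid> <octal mode>".
    set -- $(stat -c '%u %a' "$cache" 2>/dev/null || stat -f '%u %Lp' "$cache")
    owner_uid=$1
    [ "$owner_uid" = "$want_uid" ] || return 2
    perm=$((0$2))                      # leading 0 makes the mode octal
    [ $((perm & 077)) -eq 0 ] || return 3
    [ $((perm & 0400)) -ne 0 ] || return 4
    return 0
}

# Constructed demo: a scratch file stands in for the real ticket cache.
demo_dir=$(mktemp -d)
: > "$demo_dir/demo.tkt"
chmod 644 "$demo_dir/demo.tkt"
check_ccache "$demo_dir/demo.tkt" "$(id -u)" || echo "too open: status $?"
chmod 600 "$demo_dir/demo.tkt"
check_ccache "$demo_dir/demo.tkt" "$(id -u)" && echo "cache ok"
rm -rf "$demo_dir"
```

Against the cache in this thread the call would be check_ccache /tmp/service-apache.tkt apache, with a non-zero status reported by the cron job.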





More information about the webauth-info mailing list