Re: errant SASL/GSSAPI setup?

2006-09-21 Thread Simon Wilkinson
On 31 Aug 2006, at 22:59, Quanah Gibson-Mount wrote: Yep, MIT Kerberos is exactly what I was beginning to expect as well, which is why I asked about the Kerberos libraries being used. That's what it looks like is being used from Allan's libraries he provided as well. As mentioned on

Re: errant SASL/GSSAPI setup?

2006-09-01 Thread Andreas Hasenack
On Thu, Aug 31, 2006 at 02:59:10PM -0700, Quanah Gibson-Mount wrote: Yep, MIT Kerberos is exactly what I was beginning to expect as well, which is why I asked about the Kerberos libraries being used. That's what it looks like is being used from Allan's libraries he provided as well. As

Re: errant SASL/GSSAPI setup?

2006-09-01 Thread Quanah Gibson-Mount
--On Friday, September 01, 2006 9:45 AM -0300 Andreas Hasenack [EMAIL PROTECTED] wrote: On Thu, Aug 31, 2006 at 02:59:10PM -0700, Quanah Gibson-Mount wrote: Yep, MIT Kerberos is exactly what I was beginning to expect as well, which is why I asked about the Kerberos libraries being used.

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Allan E. Johannesen
As I mailed yesterday, I've been seeing my slaves not get updates once their initial kerberos ticket period expires. On the server, I see this, using -d-1 on the master: SASL [conn=1] Failure: GSSAPI Error: The context has expired (No error) sb_sasl_write: failed to encode packet: generic

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Quanah Gibson-Mount
--On Thursday, August 31, 2006 10:29 AM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: As a wild guess, I think I may be seeing this problem since I may be using a different version sasl (2.1.21) than others. It could be that an older sasl may not have been checking ticket age. I

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Quanah Gibson-Mount
--On Thursday, August 31, 2006 10:18 AM -0700 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Thursday, August 31, 2006 10:29 AM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: As a wild guess, I think I may be seeing this problem since I may be using a different version sasl

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah Oh, I had another thought... Why are your replicas getting quanah disconnected in the first place? The point of the persistent quanah connection is for it to always stay active. Do you have some type of quanah limits set on the

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Quanah Gibson-Mount
--On Thursday, August 31, 2006 2:19 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah Oh, I had another thought... Why are your replicas getting quanah disconnected in the first place? The point of the persistent quanah

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Quanah Gibson-Mount
--On Thursday, August 31, 2006 4:05 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: First, as the subject has always said, I figure I've done something odd. However, I don't know what that is. quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah Do you have some type of

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Allan E. Johannesen
First, as the subject has always said, I figure I've done something odd. However, I don't know what that is. quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah Do you have some type of limits set on the master for connections? If quanah you do, you need to bypass those for your

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah --On Thursday, August 31, 2006 2:19 PM -0400 Allan E. Johannesen quanah [EMAIL PROTECTED] wrote: quanah But my point is, it shouldn't be initiating a disconnect in the first quanah place (because then the connection isn't

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread simon
won't help, as the new credentials will only be used when establishing a new security context, which only happens when a new connection is opened. Simon. -Original Message- From: Allan E. Johannesen [EMAIL PROTECTED] Subj: Re: errant SASL/GSSAPI setup? Date: Thu 31 Aug 2006 21:05

Re: errant SASL/GSSAPI setup?

2006-08-31 Thread Allan E. Johannesen
simon == [EMAIL PROTECTED] writes: simon Just renewing your credentials won't help, as the new credentials will simon only be used when establishing a new security context, which only simon happens when a new connection is opened. Thanks. Yes, that's exactly what I was seeing.

errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
I've been using rootdn passwords over TLS with slurpd and since switching to syncrepl. Seeing a posting by Quanah Gibson-Mount [EMAIL PROTECTED] some weeks ago about k5start and KRB5CCNAME, I was inspired to try to make the switch. I grabbed kstart-3.5 and installed it and installed a

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 10:19 AM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: I've been using rootdn passwords over TLS with slurpd and since switching to syncrepl. Seeing a posting by Quanah Gibson-Mount [EMAIL PROTECTED] some weeks ago about k5start and KRB5CCNAME, I was

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 8:24 AM -0700 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, August 30, 2006 10:19 AM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: I've been using rootdn passwords over TLS with slurpd and since switching to syncrepl. Seeing a posting

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 12:36 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: Thanks for looking into the problem. Well, interesting.. The reason I wasn't seeing this problem is because I was stopping/restarting my servers nightly, so they'd always get a new ldap/*

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 9:47 AM -0700 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, August 30, 2006 12:36 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: Thanks for looking into the problem. Never mind, my ldap servers are replicating just fine.. shew.

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah --On Wednesday, August 30, 2006 12:36 PM -0400 Allan E. Johannesen quanah [EMAIL PROTECTED] wrote: Thanks for looking into the problem. quanah Well, interesting.. The reason I wasn't seeing this problem is because quanah I was

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah --On Wednesday, August 30, 2006 9:47 AM -0700 Quanah Gibson-Mount quanah [EMAIL PROTECTED] wrote: --On Wednesday, August 30, 2006 12:36 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: Thanks for looking into the

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 12:57 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: Yes, I should put that in there. I just trimmed the simple stuff (dn/password) out and put in sasl. I should have specified the mechanism. Nothing else could work in my instance, anyway. There

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah --On Wednesday, August 30, 2006 12:57 PM -0400 Allan E. Johannesen quanah [EMAIL PROTECTED] wrote: Yes, I should put that in there. I just trimmed the simple stuff (dn/password) out and put in sasl. I should have specified the

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 10:19 AM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: I've been using rootdn passwords over TLS with slurpd and since switching to syncrepl. Seeing a posting by Quanah Gibson-Mount [EMAIL PROTECTED] some weeks ago about k5start and KRB5CCNAME, I was

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah --On Wednesday, August 30, 2006 10:19 AM -0400 Allan E. Johannesen quanah [EMAIL PROTECTED] wrote: I've been using rootdn passwords over TLS with slurpd and since switching to syncrepl. Seeing a posting by Quanah Gibson-Mount

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Quanah Gibson-Mount
--On Wednesday, August 30, 2006 3:44 PM -0400 Allan E. Johannesen [EMAIL PROTECTED] wrote: quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah The reason things still work between (d) (e) is because the quanah connection is *persistent*. The ldap/* bit for the master is only

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah Define bind up? I do an update on the master and the slave shows no activity. Restarting it shows the update coming across.

Re: errant SASL/GSSAPI setup?

2006-08-30 Thread Allan E. Johannesen
quanah == Quanah Gibson-Mount [EMAIL PROTECTED] writes: quanah The reason things still work between (d) (e) is because the quanah connection is *persistent*. The ldap/* bit for the master is only quanah necessary for establishing the initial connection. That is why quanah replication