Comment 4 for bug 1472639

Hi Ryan,

Thanks for looking into this. Unfortunately I don't have much to add to my earlier response in this thread. Here are the only kerberos-related types of lines that I have in slapd.conf:

authz-regexp
    uid=([^,]*),cn=([^,]*),cn=gssapi,cn=auth
    ldap:///dc=example,dc=com??sub?(exampleKrb5PrincipalName=$1@$2)
sasl-realm EXAMPLE.COM
sasl-secprops minssf=0

As I mentioned before, I do have an /etc/krb5.keytab. ldapwhoami -Y GSSAPI works fine. I don't know precisely how slapd ends up using kcm. slapd is linked with libheimbase.so.1, so presumably it ends up calling some heimdal library function that ends up accessing that socket.