The iManager plug-in for SASL-GSSAPI will not work if iManager is not configured to use SSL/TLS connection to eDirectory. A secure connection is mandated to protect the realm's master key and principal keys.
By default, iManager is usually configured for SSL/TLS connection to eDirectory. If you want to configure the Kerberos Login Method for GSSAPI on a tree other than the one that hosts the iManager configuration, you need to configure iManager for SSL/TLS connection to eDirectory.
For information on configuring iManager with SSL/TLS connection to eDirectory, refer to the iManager 2.6 Administration Guide.
The iManager plug-in for SASL-GSSAPI (kerberosPlugin.npm) is available as a part of both eDir_88_iMan26_Plugins.npm and eDir_88_iMan27_Plugins.npm files. Download the NPMs from the Web.
To use a Kerberos ticket to authenticate to an eDirectory server:
Extend the Kerberos schema.
Create a Realm container.
Extract a Service Principal Key or Shared Key from KDC.
Create the LDAP Service Principal object.
Associate a Kerberos principal name with the User Object.
For information on the above steps, refer to the Configuring GSSAPI with eDirectory in Novell eDirectory 8.8 Administration Guide