Sasl passthrough authentication
Indexer
indexer at internode.on.net
Thu Oct 7 06:14:14 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I am attempting to setup SASL passthrough authentication on a server.
I have install and configured saslauthd, and plan to use this with kerberos5
When i attempt to use the command
testsaslauthd -u william at REALM -p supersecretpassword
I get the following in /var/log/messages.
Oct 7 16:37:13 blackrabbit saslauthd[1557]: auth_krb5: k5support_verify_tgt
[root at blackrabbit ~]# saslauthd -a kerberos5 -d -V
saslauthd[1555] :main : num_procs : 5
saslauthd[1555] :main : mech_option: NULL
saslauthd[1555] :main : run_path : /var/run/saslauthd
saslauthd[1555] :main : auth_mech : kerberos5
saslauthd[1555] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[1555] :detach_tty : master pid is: 0
saslauthd[1555] :ipc_init : listening on socket: /var/run/saslauthd/mux
saslauthd[1555] :main : using process model
saslauthd[1555] :have_baby : forked child: 1556
saslauthd[1556] :get_accept_lock : acquired accept lock
saslauthd[1555] :have_baby : forked child: 1557
saslauthd[1555] :have_baby : forked child: 1558
saslauthd[1555] :have_baby : forked child: 1559
saslauthd[1557] :rel_accept_lock : released accept lock
saslauthd[1558] :get_accept_lock : acquired accept lock
saslauthd[1557] :do_auth : auth failure: [user=william at REALM] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
I have looked for help on this, and sadly can only find that i should have a host/fqdn at REALM principal in my /etc/krb5.keytab . I have already done this however. /etc/hosts also corresponds with this correctly and my servers fqdn is listed inside. (host/blackrabbit.realm at REALM)
My krb5kdc log shows
Oct 07 16:39:07 blackrabbit.realm krb5kdc[868](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1286431747, etypes {rep=16 tkt=16 ses=16}, william at REALM for krbtgt/REALM at REALM
I know that i am missing something obvious, but any help or suggestions would be appreciated
Sincerely
William Brown
pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQIcBAEBAgAGBQJMrWUxAAoJEHF16AnLoz6JvrUP/3QTMDtubHs+3OFrujKssQ2W
83LIYlV1lzv3lLkT5BlgudiFqUmVFI2JVZ0/iq8xNUJ8pITFcay+YO7XVkBBq6KI
RDUKdL02b9Z6eV8SXtF20ppT/Z3vvAXxLcwb8/KLAdf6lknf+FhQG07PaOOtf5Um
crgJbVz4mXGR4/+nYXwfWu4WXzBEyEEIbgN6x0RGqg0deWiRfdaG0/VocYM6TSXg
nEDXxWu8eLaKf3tfIiPjuvPaEFTCTreiVRiS7wG7H+UuBo4Wc9A0aPLnchdVn4Xb
POgklHOGKb3W+MrlRSseioOscxTdr+7IB3vDB5TE7uaQuCIOc05pwAWA6PsLjOho
zoTkUpmzA8MRr08AU2Qm6IChEHI+1idpaxaEpgCOUuteBl2GM6WZZBoNqFXINAm+
T7wP4UbH78xT8UYrVbBz9n98/H+Oo8LzX44ov+btQT2CfjQgE3jQpSoJtd8ePSJJ
pRxs/2IOqukPm+tUJH2XLGhpnf2BMUz89Y5NXKF+WF4aQmqihxfvzb/ZDGvstCOw
ch7Eg2+AH2V816Ot9ZHPLZrJzqkTWMORGUVPDjyRlTqIvYUm49MNtog5Vlr7AHDl
Ejgzsjb8FUKgHK17bQSZoPc48bRTwp3As00lnsRDp7xZxKyDvpb36ETVFZMry9WJ
a/1zkAIqMd5/fiWHa0gw
=lI71
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list