Sasl passthrough authentication

Indexer indexer at internode.on.net
Thu Oct 7 06:14:14 UTC 2010


Hi,

I am attempting to set up SASL passthrough authentication on a server.

I have installed and configured saslauthd, and plan to use this with kerberos5.

When I attempt to use the command

testsaslauthd -u william@REALM -p supersecretpassword

I get the following in /var/log/messages.

Oct  7 16:37:13 blackrabbit saslauthd[1557]: auth_krb5: k5support_verify_tgt

[root at blackrabbit ~]# saslauthd -a kerberos5 -d -V
saslauthd[1555] :main            : num_procs  : 5
saslauthd[1555] :main            : mech_option: NULL
saslauthd[1555] :main            : run_path   : /var/run/saslauthd
saslauthd[1555] :main            : auth_mech  : kerberos5
saslauthd[1555] :ipc_init        : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[1555] :detach_tty      : master pid is: 0
saslauthd[1555] :ipc_init        : listening on socket: /var/run/saslauthd/mux
saslauthd[1555] :main            : using process model
saslauthd[1555] :have_baby       : forked child: 1556
saslauthd[1556] :get_accept_lock : acquired accept lock
saslauthd[1555] :have_baby       : forked child: 1557
saslauthd[1555] :have_baby       : forked child: 1558
saslauthd[1555] :have_baby       : forked child: 1559
saslauthd[1557] :rel_accept_lock : released accept lock
saslauthd[1558] :get_accept_lock : acquired accept lock
saslauthd[1557] :do_auth         : auth failure: [user=william at REALM] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]

I have looked for help on this, and sadly can only find that I should have a host/fqdn@REALM principal in my /etc/krb5.keytab. I have already done this, however. /etc/hosts also corresponds with this correctly and my server's FQDN is listed inside. (host/blackrabbit.realm@REALM)

My krb5kdc log shows 

Oct 07 16:39:07 blackrabbit.realm krb5kdc[868](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1286431747, etypes {rep=16 tkt=16 ses=16}, william at REALM for krbtgt/REALM at REALM

I know that I am missing something obvious, but any help or suggestions would be appreciated.

Sincerely

William Brown

pgp.mit.edu





More information about the freebsd-questions mailing list