Date: Thu, 7 Oct 2010 16:44:06 +1030
From: Indexer <indexer@internode.on.net>
To: FBSD? <freebsd-questions@freebsd.org>
Subject: Sasl passthrough authentication
Message-ID: <2EF6AF20-77FC-4B41-9BFB-382EBEE21E93@internode.on.net>

Hi,

I am attempting to set up SASL passthrough authentication on a server.

I have installed and configured saslauthd, and plan to use this with kerberos5.

When I attempt to use the command

    testsaslauthd -u william@REALM -p supersecretpassword

I get the following in /var/log/messages.

    Oct 7 16:37:13 blackrabbit saslauthd[1557]: auth_krb5: k5support_verify_tgt

    [root@blackrabbit ~]# saslauthd -a kerberos5 -d -V
    saslauthd[1555] :main : num_procs : 5
    saslauthd[1555] :main : mech_option: NULL
    saslauthd[1555] :main : run_path : /var/run/saslauthd
    saslauthd[1555] :main : auth_mech : kerberos5
    saslauthd[1555] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[1555] :detach_tty : master pid is: 0
    saslauthd[1555] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[1555] :main : using process model
    saslauthd[1555] :have_baby : forked child: 1556
    saslauthd[1556] :get_accept_lock : acquired accept lock
    saslauthd[1555] :have_baby : forked child: 1557
    saslauthd[1555] :have_baby : forked child: 1558
    saslauthd[1555] :have_baby : forked child: 1559
    saslauthd[1557] :rel_accept_lock : released accept lock
    saslauthd[1558] :get_accept_lock : acquired accept lock
    saslauthd[1557] :do_auth : auth failure: [user=william@REALM] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]

I have looked for help on this, and sadly can only find that I should have a host/fqdn@REALM principal in my /etc/krb5.keytab. I have already done this, however. /etc/hosts also corresponds with this correctly and my server's FQDN is listed inside.

    (host/blackrabbit.realm@REALM)

My krb5kdc log shows

    Oct 07 16:39:07 blackrabbit.realm krb5kdc[868](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1286431747, etypes {rep=16 tkt=16 ses=16}, william@REALM for krbtgt/REALM@REALM

I know that I am missing something obvious, but any help or suggestions would be appreciated.

Sincerely,

William Brown

pgp.mit.edu