Date:      Thu, 7 Oct 2010 16:44:06 +1030
From:      Indexer <indexer@internode.on.net>
To:        FBSD? <freebsd-questions@freebsd.org>
Subject:   Sasl passthrough authentication
Message-ID:  <2EF6AF20-77FC-4B41-9BFB-382EBEE21E93@internode.on.net>


Hi,

I am attempting to set up SASL passthrough authentication on a server.

I have installed and configured saslauthd, and plan to use this with kerberos5.

When I attempt to use the command

testsaslauthd -u william@REALM -p supersecretpassword

I get the following in /var/log/messages.

Oct  7 16:37:13 blackrabbit saslauthd[1557]: auth_krb5: k5support_verify_tgt

[root@blackrabbit ~]# saslauthd -a kerberos5 -d -V
saslauthd[1555] :main            : num_procs  : 5
saslauthd[1555] :main            : mech_option: NULL
saslauthd[1555] :main            : run_path   : /var/run/saslauthd
saslauthd[1555] :main            : auth_mech  : kerberos5
saslauthd[1555] :ipc_init        : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[1555] :detach_tty      : master pid is: 0
saslauthd[1555] :ipc_init        : listening on socket: /var/run/saslauthd/mux
saslauthd[1555] :main            : using process model
saslauthd[1555] :have_baby       : forked child: 1556
saslauthd[1556] :get_accept_lock : acquired accept lock
saslauthd[1555] :have_baby       : forked child: 1557
saslauthd[1555] :have_baby       : forked child: 1558
saslauthd[1555] :have_baby       : forked child: 1559
saslauthd[1557] :rel_accept_lock : released accept lock
saslauthd[1558] :get_accept_lock : acquired accept lock
saslauthd[1557] :do_auth         : auth failure: [user=william@REALM] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]

I have looked for help on this, and sadly can only find that I should have a host/fqdn@REALM principal in my /etc/krb5.keytab. I have already done this, however. /etc/hosts also corresponds with this correctly and my server's fqdn is listed inside. (host/blackrabbit.realm@REALM)

My krb5kdc log shows

Oct 07 16:39:07 blackrabbit.realm krb5kdc[868](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1286431747, etypes {rep=16 tkt=16 ses=16}, william@REALM for krbtgt/REALM@REALM

I know that I am missing something obvious, but any help or suggestions would be appreciated.

Sincerely

William Brown

pgp.mit.edu


