Date: Tue, 28 Sep 2010 10:07:44 +0200
From: Martin Schweizer <office@pc-service.ch>
To: freebsd-questions@freebsd.org
Subject: Problem with SASL authentication against Kerberos5 (Windows Active Directory)
Message-ID: <20100928080744.GA80050@saturn.pcs.ms>

Hello

My system:

FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #2: Tue Aug 31 17:07:54 CEST 2010 :/usr/obj/usr/src/sys/GENERIC i386

Relevant part of the installed software:

# pkg_info|grep cyrus
cyrus-imapd-2.3.16_2 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2

Kerberos5 settings:
They are all ok, because I can cross-check them by using kinit (and such tools), ldapsearch and of course the security event protocol of the domain controllers. So I can say all this is ok.

/etc/rc.conf:
[snip]
saslauthd_enable="YES"
saslauthd_flags="-a kerberos5"

I use three of the above servers and with two of them I have no such problems.

Here is what is going wrong:
After I updated all my ports I can no longer authenticate against Kerberos5. The test with testsaslauthd -u usernamex -p passwordx always ends in 0: NO "authentication failed". In /var/log/auth.log I can see

Sep 24 08:07:28 saslauthd[83827]: do_auth : auth failure: [user=martin] [service=imap] [realm=] [mech=kerberos5] [reason=krb5_verify_user_opt failed].

What's interesting: if I use saslauthd_flags="-a pam" then all is working as expected. And again, before the update all worked without any problems.

Any ideas?

Regards,

--
Martin Schweizer <office@pc-service.ch>
PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100928080744.GA80050>