Gentoo Forums
Cyrus SASL and kerberos
VoVaN (l33t)
Joined: 02 Jul 2003
Posts: 701
Location: The Netherlands

Posted: Sat Sep 20, 2008 7:54 am    Post subject: Cyrus SASL and kerberos

I'm trying to get sasl with kerberos working, but even a simple "testsaslauthd -u user -p password" doesn't work...
What I've done in short:
- got kdc running, so kinit works with test user
- add principal and entry in keytab file for ldap
- started saslauthd -a kerberos5 -d
- "testsaslauthd -u test -p pwd -s ldap -r NET.HOME" prints:
Code:
0: NO "authentication failed"

and saslauthd
Code:
saslauthd[9453] :main            : num_procs  : 5
saslauthd[9453] :main            : mech_option: NULL
saslauthd[9453] :main            : run_path   : /var/lib/sasl2
saslauthd[9453] :main            : auth_mech  : kerberos5
saslauthd[9453] :ipc_init        : using accept lock file: /var/lib/sasl2/mux.accept
saslauthd[9453] :detach_tty      : master pid is: 0
saslauthd[9453] :ipc_init        : listening on socket: /var/lib/sasl2/mux
saslauthd[9453] :main            : using process model
saslauthd[9453] :have_baby       : forked child: 9454
saslauthd[9454] :get_accept_lock : acquired accept lock
saslauthd[9453] :have_baby       : forked child: 9455
saslauthd[9453] :have_baby       : forked child: 9456
saslauthd[9453] :have_baby       : forked child: 9457
saslauthd[9454] :rel_accept_lock : released accept lock
saslauthd[9457] :get_accept_lock : acquired accept lock
saslauthd[9454] :do_auth         : auth failure: [user=test] [service=ldap] [realm=NET.HOME] [mech=kerberos5] [reason=saslauthd internal error]

however, it looks like everything is fine with kerberos:
Code:
[krb5kdc] AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.1: ISSUE: authtime 1221896662, etypes {rep=16 tkt=16 ses=16}, test@NET.HOME for krbtgt/NET.HOME@NET.HOME


I've tried to search, but can't find anything useful...
I would appreciate it if somebody could point me to useful documentation or a howto.
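
Added example (not part of the original post, and not code from Cyrus SASL or MIT Kerberos): a small Python triage script that pairs each saslauthd `do_auth` failure with the KDC's AS_REQ log entry for the same principal, using the two log lines quoted in the post above as constructed sample input. The function names are hypothetical.

```python
import re

# Constructed sample input: the log lines quoted in the post above.
SASLAUTHD_LOG = """\
saslauthd[9454] :rel_accept_lock : released accept lock
saslauthd[9454] :do_auth         : auth failure: [user=test] [service=ldap] [realm=NET.HOME] [mech=kerberos5] [reason=saslauthd internal error]
"""
KDC_LOG = """\
[krb5kdc] AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.1: ISSUE: authtime 1221896662, etypes {rep=16 tkt=16 ses=16}, test@NET.HOME for krbtgt/NET.HOME@NET.HOME
"""

FAILURE = re.compile(r"saslauthd\[(\d+)\] :do_auth\s*: auth failure: (.*)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")
AS_REQ = re.compile(r"AS_REQ .*?: (\w+): .*?(\S+@\S+) for (krbtgt/\S+)")


def parse_failures(text):
    """Return one dict per saslauthd do_auth failure line."""
    out = []
    for m in FAILURE.finditer(text):
        rec = dict(FIELD.findall(m.group(2)))
        rec["pid"] = int(m.group(1))
        out.append(rec)
    return out


def issued_tgts(text):
    """Return the set of client principals the KDC logged ISSUE for."""
    return {m.group(2) for m in AS_REQ.finditer(text) if m.group(1) == "ISSUE"}


def triage(sasl_text, kdc_text):
    """Tag each failure with whether the KDC issued a TGT for that principal."""
    issued = issued_tgts(kdc_text)
    results = []
    for f in parse_failures(sasl_text):
        principal = f"{f['user']}@{f['realm']}"
        f["principal"] = principal
        # ISSUE only shows the KDC answered the AS_REQ with a ticket; without
        # pre-authentication it does not prove the password was right.
        f["kdc_issued_tgt"] = principal in issued
        results.append(f)
    return results


if __name__ == "__main__":
    for r in triage(SASLAUTHD_LOG, KDC_LOG):
        print(r)
```

For the sample lines, the single failure record carries `reason` "saslauthd internal error" and `kdc_issued_tgt` set to true, which matches the poster's observation that the KDC side answered the request.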
notHerbert (Advocate)
Joined: 11 Mar 2008
Posts: 2228
Location: 45N 73W

Posted: Sat Sep 20, 2008 4:44 pm    Post subject:

I'm not on my kerberos box now, but normally kerberos scrambles the princ passwd the first time around.

Try running kadmin.local and cpw <user> to reset the passwd.
:)
VinzC (Watchman)
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood

Posted: Sat Sep 20, 2008 4:58 pm    Post subject:

Here's a great step-by-step guide to ldap/kerberos. I followed it and I must admit it's very well done -- in case you want to set up an LDAP server with kerberos authentication.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!