<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 2/26/2011 10:13 PM, Daniel Norton wrote:
<blockquote cite="mid:4D69CF53.4000205@danielnorton.com" type="cite">
<pre wrap="">Briefly, this works fine:
$ kadmin -p username -w password
But this fails:
$ testsaslauthd -u username -p password
0: NO "authentication failed"
</pre>
</blockquote>
<br>
I found the problem, and had actually seen the solution in this
list’s archives:<br>
<a href="http://www.irbs.net/internet/cyrus-sasl/0603/0028.html">http://www.irbs.net/internet/cyrus-sasl/0603/0028.html</a><br>
<br>
My ultimate problem was that I was thinking that the domain name for
my server principal name could be whatever I chose, and I chose
host/example.com@REALM, but the principal name must actually be
host/<i>subdomain</i>.example.com@REALM (where
"subdomain.example.com" is whatever is returned from <b>gethostname()</b>).
It’s obvious, now that I know the solution!<br>
<br>
While stepping through the libkrb code I saw quite a number of other
conditions that result in the catch-all “internal error” description
(many of which could only be divined by stepping through the code),
but that’s an age-old problem that’s obviously not going to get
fixed anytime soon.<br>
<br>
--<br>
Daniel<br>
<br>
</body>
</html>