testsaslauthd questions and problems

Toby.Russell at vattenfall.de Toby.Russell at vattenfall.de
Wed Feb 8 02:33:33 EST 2006


Hello all,

perhaps failure is a success, who knows... The result I get from:

testsaslauthd -u trussell -p somepass -s lalala

is this:

saslauthd[1527] :rel_accept_lock : released accept lock
saslauthd[1528] :get_accept_lock : acquired accept lock
saslauthd[1527] :do_auth         : auth failure: [user=trussell] [service=lalala] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
0: NO "authentication failed"

HOWEVER! In my kdc.log it seems my request was a success, and is always so regardless of what I do with password or service, unless I add -r VATTENFALL.KRB.UNIX, or indeed any bogus realm (in which case the KDC does not respond), or use a nonexistent user (without -r) (in which case KDC says user not found):

Feb 08 08:17:34 isuadm02 krb5kdc[14023](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.20.8.111: ISSUE: authtime 1139383054, etypes {rep=16 tkt=16 ses=16}, trussell at VATTENFALL.KRB.UNIX for krbtgt/VATTENFALL.KRB.UNIX at VATTENFALL.KRB.UNIX.

Failure or success? I'm not sure any more. This is how /var/adm/messages sees it:

saslauthd[1527]: [ID 341984 auth.error] auth_krb5: krb5_get_init_creds_password: -1765328353 # when the password is wrong

and:

saslauthd[1527]: [ID 223954 auth.error] auth_krb5: krb5_parse_name # when the password is correct.

saslauthd is started like this: /usr/local/sbin/saslauthd -r -a kerberos5 -d, and was compiled without-des, and pretty much only with gssapi.

I have the strong suspicion I am missing something obvious, that I have not grasped fully how testsaslauthd does its thing. Can anyone out there point out the error of my ways?

By the way, the sample/server sample/client test works just fine. Oh, and I am configuring sasl for OpenLDAP, which is not yet configured, since I would like to know sasl is working before I plough on with LDAP. All this on Solaris 10, the KDC is Solaris 8. Kerberos otherwise works perfectly.

Cheers
  
Toby Russell
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Vattenfall Europe Information Services GmbH
Datacentre Systemservice         
Überseering 12
22297 Hamburg
  
Standort
Rohrdamm 7
13629 Berlin
fon +49 (0) 30 60005 - 4533
fax +49 (0) 30 60005 - 4549
E-Mail   mailto:toby.russell at vattenfall.de
Internet http://www.vattenfall.de/is
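
An added example, not part of the original message or of Cyrus SASL: a small triage helper that pulls the failing krb5 call and numeric code out of the `auth_krb5` syslog lines quoted above and decodes the code. It assumes MIT krb5 com_err numbering (table base -1765328384, offset equal to the protocol error number); the function names and the four-entry error table are illustrative.

```python
import re

# Assumption: MIT krb5 com_err numbering. The krb5 error table starts at this
# base and the offset from it is the Kerberos protocol error number.
KRB5_TABLE_BASE = -1765328384

# Subset of the table that matters for password-based AS exchanges.
KRB5_ERRORS = {
    6: ("KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN", "client not found in Kerberos database"),
    24: ("KRB5KDC_ERR_PREAUTH_FAILED", "preauthentication failed"),
    31: ("KRB5KRB_AP_ERR_BAD_INTEGRITY", "decrypt integrity check failed"),
    37: ("KRB5KRB_AP_ERR_SKEW", "clock skew too great"),
}

# The numeric code is optional: some calls (krb5_parse_name in the message
# above) are logged with no code at all.
LINE_RE = re.compile(r"auth_krb5: (?P<call>krb5_\w+)(?:: (?P<code>-?\d+))?")

def decode_krb5_code(code):
    """Return (offset, symbolic name, message) for a raw krb5 error code."""
    offset = code - KRB5_TABLE_BASE
    name, text = KRB5_ERRORS.get(offset, ("UNKNOWN", "not in this subset"))
    return offset, name, text

def triage(line):
    """Extract the failing call and decoded code from one syslog line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    out = {"call": m.group("call"), "code": None, "offset": None, "name": None}
    if m.group("code") is not None:
        out["code"] = int(m.group("code"))
        out["offset"], out["name"], out["text"] = decode_krb5_code(out["code"])
    return out

# The two /var/adm/messages lines from the message above, without annotations.
SAMPLE = [
    "saslauthd[1527]: [ID 341984 auth.error] auth_krb5: "
    "krb5_get_init_creds_password: -1765328353",
    "saslauthd[1527]: [ID 223954 auth.error] auth_krb5: krb5_parse_name",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```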

