testsaslauthd questions and problems
Toby.Russell at vattenfall.de
Wed Feb 8 02:33:33 EST 2006
Hello all,
perhaps failure is a success, who knows... The result I get from:
testsaslauthd -u trussell -p somepass -s lalala
is this:
saslauthd[1527] :rel_accept_lock : released accept lock
saslauthd[1528] :get_accept_lock : acquired accept lock
saslauthd[1527] :do_auth : auth failure: [user=trussell] [service=lalala] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
0: NO "authentication failed"
HOWEVER! In my kdc.log it seems my request was a success, and is always so regardless of what I do with password or service, unless I add -r VATTENFALL.KRB.UNIX, or indeed any bogus realm (in which case the KDC does not respond), or use a nonexistent user (without -r) (in which case KDC says user not found):
Feb 08 08:17:34 isuadm02 krb5kdc[14023](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.20.8.111: ISSUE: authtime 1139383054, etypes {rep=16 tkt=16 ses=16}, trussell@VATTENFALL.KRB.UNIX for krbtgt/VATTENFALL.KRB.UNIX@VATTENFALL.KRB.UNIX.
Failure or success? I'm not sure any more. This is how /var/adm/messages sees it:
saslauthd[1527]: [ID 341984 auth.error] auth_krb5: krb5_get_init_creds_password: -1765328353 # when the password is wrong
and:
saslauthd[1527]: [ID 223954 auth.error] auth_krb5: krb5_parse_name # when the password is correct.
saslauthd is started like this: /usr/local/sbin/saslauthd -r -a kerberos5 -d, and was compiled without-des, and pretty much only with gssapi.
I have the strong suspicion I am missing something obvious, that I have not grasped fully how testsaslauthd does its thing. Can anyone out there point out the error of my ways?
By the way, the sample/server sample/client test works just fine. Oh, and I am configuring sasl for OpenLDAP, which is not yet configured, since I would like to know sasl is working before I plough on with LDAP. All this on Solaris 10, the KDC is Solaris 8. Kerberos otherwise works perfectly.
Cheers
Toby Russell
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vattenfall Europe Information Services GmbH
Datacentre Systemservice
Überseering 12
22297 Hamburg
Standort
Rohrdamm 7
13629 Berlin
fon +49 (0) 30 60005 - 4533
fax +49 (0) 30 60005 - 4549
E-Mail mailto:toby.russell at vattenfall.de
Internet http://www.vattenfall.de/is