saslauthd internal error in k5support_verify_tgt
Andreas Hasenack
ahasenack at terra.com.br
Fri Mar 17 16:12:26 EST 2006
On Fri, Mar 17, 2006 at 04:48:23PM -0300, Andreas Hasenack wrote:
> I'm running version 2.1.22beta and I'm getting this internal error in
> saslauthd when used with kerberos5 authentication:
>
> Mar 17 16:42:57 pandora saslauthd[6157]: auth_krb5: k5support_verify_tgt
> Mar 17 16:42:57 pandora saslauthd[6157]: do_auth : auth failure: [user=andreas] [service=ldap] [realm=MYCNC.COM] [mech=kerberos5] [reason=saslauthd internal error]
>
> The KDC is heimdal, and the client (where saslauthd is running) is built with
> MIT libs, could that be an issue? The Heimdal KDC doesn't seem to have a
> problem with whatever saslauthd is requesting from it:
>
> Mar 17 16:47:19 cs4 kdc[4163]: AS-REQ andreas at MYCNC.COM from IPv4:10.0.2.177 for krbtgt/MYCNC.COM at MYCNC.COM
> Mar 17 16:47:19 cs4 kdc[4163]: Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> Mar 17 16:47:19 cs4 kdc[4163]: Requested flags: renewable_ok
> Mar 17 16:47:19 cs4 kdc[4163]: sending 565 bytes to IPv4:10.0.2.177
>
I needed to add a host/<fqdn>@REALM keytab (which I only figured out
after reading the source code).
More information about the Cyrus-sasl
mailing list