saslauthd and linux-HA

Back Ports backports at gmail.com
Mon Mar 19 10:19:25 EST 2007


Hi all,

I have 2 postfix servers which are using saslauthd with kerberos as
the authentication mech and clients connecting via gssapi to
authenticate.

All works well when clients come directly to the mail server in
question. However, should the client go through a load balancer which
is accepting connections on a IP which redirects to the actual target
servers, we get principal lookup failures as the reverse dns does not
match the target server in question.

I've had similar problems with dovecot where the gssapi mech was
modified to scan all entries in the keytab (fixing this issue).

What route can we take for saslauthd in this scenario? I have added
both relevant keys to the keytab (smtp/mail.domain.com and
smtp/host.domain.com), albeit with unsuccessful results.

Could someone please point me in the right direction here.

Appreciate any help.

Regards,
Mustafa.
--
Mustafa A. Hashmi
backports at gmail.com


More information about the Cyrus-sasl mailing list