Problem with SASL authentication against Kerberos5 (Windos Active Directory)
Martin Schweizer
schweizer.martin at gmail.com
Fri Sep 24 02:12:21 EDT 2010
Hello
My system:
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #2: Tue Aug 31 17:07:54 CEST
2010 :/usr/obj/usr/src/sys/GENERIC i386
Relevant part of the installed software:
# pkg_info|grep cyrus
cyrus-imapd-2.3.16_2 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
Kerberos5 settings:
They are all ok, because I can these cross check by using kinit (and
such tools), ldapsearch and of course the security event protocol of
the domain controllers. So I can say all this is ok.
/etc/rc.conf:
[snip]
saslauthd_enable="YES"
saslauthd_flags="-a kerberos5"
I use three of the above servers and with two of them I have no such
problems. Here what is going wrong:
After I update all my ports I can no longer authenticate against
Kerberos5. The test with testsaslauthd -u usernamex -p passwordx ends
always in
0: NO "authentication failed". In /var/log/auth.log I can see Sep 24
08:07:28 saslauthd[83827]: do_auth : auth failure: [user=martin]
[service=imap] [realm=] [mech=kerberos5] [reason=krb5_verify_user_opt
failed]. What's intressting if I use saslauthd_flags="-a pam" then all
is working as expected. And again before the update all worked without
any problems. Any ideas?
Regards,
--
Martin Schweizer
schweizer.martin at gmail.com
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587
More information about the Cyrus-sasl
mailing list