Catch-all: "saslauthd internal error" with kerberos5

Daniel Norton daniel at danielnorton.com
Wed Mar 2 00:33:35 EST 2011


On 2/26/2011 10:13 PM, Daniel Norton wrote:
> Briefly, this works fine:
> $ kadmin -p username -w password
>
> But this fails:
> $ testsaslauthd -u username -p password
> 0: NO "authentication failed"

I found the problem, and had actually seen the solution in this list's
archives:
http://www.irbs.net/internet/cyrus-sasl/0603/0028.html

My ultimate problem was that I was thinking that the domain name for my
server principal name could be whatever I chose, and I chose
host/example.com@REALM, but the principal name must actually be
host/subdomain.example.com@REALM (where "subdomain.example.com" is
whatever is returned from *gethostname()*). It's obvious, now that I
know the solution!

While stepping through the libkrb code I saw quite a number of other
conditions that result in the catch-all "internal error" description
(many of which could only be divined by stepping through the code), but
that's an age-old problem that's obviously not going to get fixed
anytime soon.

--
Daniel
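
The check described in the message above, as an added example that is not
part of the original post or of Cyrus SASL: given `klist -k` output, confirm
that the keytab holds host/<hostname>@<REALM>. The listings are constructed,
the function names are hypothetical, and /etc/krb5.keytab is an assumed path.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a keytab listing
# contains host/<gethostname()>@<REALM>, the principal the post says is needed.

# Constructed `klist -k` listings; names follow the post's placeholders.
SAMPLE_BAD='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   3 host/example.com@REALM
   3 imap/example.com@REALM'

SAMPLE_GOOD='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   3 host/example.com@REALM
   4 host/subdomain.example.com@REALM'

# Build the principal name from a hostname and realm.
expected_principal() {
    printf 'host/%s@%s\n' "$1" "$2"
}

# Read `klist -k` output on stdin and print the distinct host/ principals.
host_principals() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^host\// { print $2 }' | sort -u
}

# check_keytab HOSTNAME REALM: reads a listing on stdin; 0 if present, else 1.
check_keytab() {
    want=$(expected_principal "$1" "$2")
    found=$(host_principals)
    if printf '%s\n' "$found" | grep -Fqx -- "$want"; then
        echo "OK: keytab contains $want"
        return 0
    fi
    echo "MISSING: $want"
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/  keytab has: /'
    fi
    return 1
}

# Demo on the constructed listings. On a real host the call would be:
#   klist -k /etc/krb5.keytab | check_keytab "$(hostname)" REALM
printf '%s\n' "$SAMPLE_BAD"  | check_keytab subdomain.example.com REALM || true
printf '%s\n' "$SAMPLE_GOOD" | check_keytab subdomain.example.com REALM
```

The hostname command prints the value gethostname() returns, so its output is
the name to compare against the keytab.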
