FreeBSD 8.2 (i386): sasltauthd -a kerberos5 does not work

Dan White dwhite at olp.net
Wed May 4 10:04:21 EDT 2011


On 04/05/11 09:01 +0200, Martin Schweizer wrote:
>Hello
>
>My system:
>FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Apr 29 15:58:00 CEST
>2011     martin at acsvfbsd04:/usr/obj/usr/src/sys/GENERIC  i386
>
>acsvfbsd04# pkg_info|grep sasl
>cyrus-sasl-2.1.23   RFC 2222 SASL (Simple Authentication and Security Layer)
>cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
>
>In /etc/rc.conf I have:
>saslauthd_enable="YES"
>saslauthd_flags="-a kerberos5"
>
>In /var/log/auth.log I get always:
>May  4 08:44:24 acsvfbsd04 saslauthd[38396]: do_auth  : auth failure:
>[user=martin] [service=imap] [realm=] [mech=kerberos5]
>[reason=krb5_verify_user_opt failed]
>
>
>All the Kerberos5 stuff is working because I can use sasltauthd -a pam
>(which use the FreeBSD modul pam_kerb5). So it's not a Kerberos
>related problem.
>
>PS: On a amd64 plattform the same setup is working... So it seems to
>be 32 bit problem...

Which kerberos library was saslauthd compiled with? Does that differ from
the library that pam_kerb5 was compiled with?

Does running saslauthd in debug mode provide additional information? Do you
see anything in your KDC logs?

-- 
Dan White


More information about the Cyrus-sasl mailing list