saslauthd with multiple kerberos5 realms

Frank Swasey Frank.Swasey at uvm.edu
Tue Sep 9 10:54:39 EDT 2014


I have a Red Hat Enterprise Linux Server release 6.5 system with the 
following RPMs:

cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
krb5-workstation-1.10.3-15.el6_5.1.x86_64
krb5-libs-1.10.3-15.el6_5.1.x86_64

The system is configured for two realms.  I can kinit into both realms, 
and I can use testsaslauthd successfully to authenticate to one realm. 
However, attempting to authenticate as my test account in the second 
realm fails:

# /usr/sbin/testsaslauthd -r realm2 -u testacct -p pw
0: NO "authentication failed"

and logs in /var/log/messages:

saslauthd[9493]: auth_krb5: k5support_verify_tgt
saslauthd[9493]: do_auth     : auth failure: [user=testacct] [service=imap] 
[realm=realm2] [mech=kerberos5] [reason=saslauthd internal error]

I feel that I have missed something in configuring saslauthd. Any 
suggestions (or questions)?

Thanks,

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
   "I am not young enough to know everything." - Oscar Wilde (1854-1900)


More information about the Cyrus-sasl mailing list