saslauthd with multiple kerberos5 realms
Frank Swasey
Frank.Swasey at uvm.edu
Tue Sep 9 10:54:39 EDT 2014
I have a Red Hat Enterprise Linux Server release 6.5 system with the
following RPMs:
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
krb5-workstation-1.10.3-15.el6_5.1.x86_64
krb5-libs-1.10.3-15.el6_5.1.x86_64
The system is configured for two realms. I can kinit into both realms,
and I can use testsaslauthd successfully to authenticate to one realm.
However, attempting to authenticate as my test account in the second
realm fails:
# /usr/sbin/testsaslauthd -r realm2 -u testacct -p pw
0: NO "authentication failed"
and logs in /var/log/messages:
saslauthd[9493]: auth_krb5: k5support_verify_tgt
saslauthd[9493]: do_auth : auth failure: [user=testacct] [service=imap]
[realm=realm2] [mech=kerberos5] [reason=saslauthd internal error]
I feel that I have missed something in configuring saslauthd. Any
suggestions (or questions)?
Thanks,
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
More information about the Cyrus-sasl
mailing list