Bug#402844: libsasl2-modules-gssapi-mit: sasl-sample-client/sasl-sample-server authentication fails with GSSAPI mechanism

Michael Richters merlin at gedankenlabs.org
Wed Dec 13 00:58:40 CET 2006 

Package: libsasl2-modules-gssapi-mit
Version: 2.1.22.dfsg1-7
Severity: important


GSSAPI authentication does not appear to work for the SASL sample
client and server.  Of course, it is possible that I'm not doing
something wrong, given the lack of examples in the documentation.

Here's a transcript from the client:
----------------------------------------------------------------------
merlin at geomancer:~$ kinit
Password for merlin at NUTWERK.ORG: 
merlin at geomancer:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: merlin at NUTWERK.ORG

Valid starting     Expires            Service principal
12/12/06 18:41:57  12/13/06 04:41:57  krbtgt/NUTWERK.ORG at NUTWERK.ORG
        renew until 12/19/06 18:41:51


Kerberos 4 ticket cache: /tmp/tkt1001
klist: You have no tickets cached
merlin at geomancer:~$ sasl-sample-client -s host -m gssapi -n geomancer.nutwerk.org            
service=host
Waiting for mechanism list from server...
S: TE9HSU4gQ1JBTS1NRDUgR1NTQVBJIFBMQUlOIEFOT05ZTU9VUyBOVExNIERJR0VTVC1NRDU=
recieved 53 byte message
Forcing use of mechanism gssapi
Choosing best mechanism from: gssapi
sasl-sample-client: SASL Other: GSSAPI Error: Miscellaneous failure (Generic error (see e-text))
error was SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Generic error (see e-text))
sasl-sample-client: Starting SASL negotiation: generic failure
----------------------------------------------------------------------

Here's the corresponding transcript from the server:
----------------------------------------------------------------------
geomancer:~# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/geomancer.nutwerk.org at NUTWERK.ORG
   3 host/geomancer.nutwerk.org at NUTWERK.ORG
geomancer:~# sasl-sample-server -s host
Generating client mechanism list...
Sending list of 7 mechanism(s)
S: TE9HSU4gQ1JBTS1NRDUgR1NTQVBJIFBMQUlOIEFOT05ZTU9VUyBOVExNIERJR0VTVC1NRDU=
Waiting for client mechanism...
----------------------------------------------------------------------

The error message is too vague for me to guess the cause of the problem.

  --Mike


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

More information about the Pkg-cyrus-sasl2-debian-devel mailing list