Bug#402844: libsasl2-modules-gssapi-mit:
sasl-sample-client/sasl-sample-server authentication fails
with GSSAPI mechanism
Fabian Fagerholm
fabbe at paniq.net
Sat Dec 16 09:34:53 CET 2006
severity 402844 normal
tags 402844 moreinfo
thanks
Sam: any chance you could send your configuration to this bug?
Specifically, the following files:
/etc/krb5.conf
/etc/cyrus.conf
/etc/imapd.conf
/etc/default/saslauthd (unless you use an auxprop mechanism, of course)
Michael:
On Thu, 2006-12-14 at 11:44 -0500, Michael Richters wrote:
> That's what I did, and included in the original report, except that I
> specified the service name ("host"). The results are the same if I
> leave out the "-s host":
Right, of course. I didn't read carefully enough, sorry about that.
> Any idea what I might be doing wrong?
I suspect some kind of configuration error, because Sam Hartman has a
working GSSAPI + Cyrus IMAPd system running (see bug #400955). That's
why I'm downgrading this bug -- which doesn't mean we're abandoning it.
I think the fix will be better docs, as you've said.
One thing which sticks out to me is that you have
sasl_pwcheck_method: saslauthd
in /etc/imapd.conf, but then you have
MECHANISMS="pam"
in /etc/default/saslauthd. I'm not too familiar with GSSAPI, but it
seems to me that something should be different here, as Kerberos will
handle how authentication data is stored, and saslauthd should simply
ask it to authenticate the user (or fail).
Let's see if we can get Sam's config and find out if there is a deciding
difference between his and yours.
Cheers,
--
Fabian Fagerholm <fabbe at paniq.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20061216/bd09a04a/attachment.pgp
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list