I have now successfully tested sasl-sample-client sasl-sample-server
(and imtest) with GSSAPI authentication. Once my kerberos config
files were corrected, everything worked. The error messages could
certainly have been more helpful, but I know of no reason why this bug
should not be closed
While constructing a reply to your message, I believe I have found the
error. I had the wrong hostname for the kdc in the [realms] section
of /etc/krb5.conf. I'm a bit confused about why I was able to get
tickets at all with kinit, but now both the kerberos clients and
On Mon, Dec 18, 2006 at 12:00:41AM -0500, Sam Hartman wrote:
Interesting. Do you end up getting tickets for the host service or
just a tgt?
After sasl-sample-client exits, I still only have a tgt.
Is any error logged on the Kerberos KDC?
None that I see, but I might be looking in the wrong
Interesting. Do you end up getting tickets for the host service or
just a tgt?
Is any error logged on the Kerberos KDC?
Does the sasl sample pass the hostname into the sasl library? Many
mechanisms such as digest-md5 and cram-md5 will mostly work without a
hostname passed in, but gssapi
severity 402844 normal
tags 402844 moreinfo
thanks
Sam: any chance you could send your configuration to this bug?
Specifically, the following files:
/etc/krb5.conf
/etc/cyrus.conf
/etc/imapd.conf
/etc/default/saslauthd (unless you use an auxprop mechanism, of course)
Michael:
On Thu,
On Sat, Dec 16, 2006 at 10:34:53AM +0200, Fabian Fagerholm wrote:
One thing which sticks out to me is that you have
sasl_pwcheck_method: saslauthd
in /etc/imapd.conf, but then you have
MECHANISMS=pam
in /etc/default/saslauthd. I'm not too familiar with GSSAPI, but it
seems to
Michael,
Thanks for your report!
On Tue, 2006-12-12 at 18:58 -0500, Michael Richters wrote:
GSSAPI authentication does not appear to work for the SASL sample
client and server. Of course, it is possible that I'm not doing
something wrong, given the lack of examples in the documentation.
The
On Thu, Dec 14, 2006 at 08:23:58AM +0200, Fabian Fagerholm wrote:
Could you please try the following:
On the client:
$ kinit
$ sasl-sample-client -m gssapi -n geomancer.nutwerk.org
On the server:
$ sasl-sample-server
Then manually copy and paste the server output (the whole line,
Package: libsasl2-modules-gssapi-mit
Version: 2.1.22.dfsg1-7
Severity: important
GSSAPI authentication does not appear to work for the SASL sample
client and server. Of course, it is possible that I'm not doing
something wrong, given the lack of examples in the documentation.
Here's a
9 matches
Mail list logo