From: Indexer
To: FBSD?
Date: Thu, 7 Oct 2010 16:44:06 +1030
Subject: Sasl passthrough authentication
Message-Id: <2EF6AF20-77FC-4B41-9BFB-382EBEE21E93@internode.on.net>

Hi,

I am attempting to set up SASL passthrough authentication on a server.
I have installed and configured saslauthd, and plan to use this with kerberos5.

When I attempt to use the command

    testsaslauthd -u william@REALM -p supersecretpassword

I get the following in /var/log/messages:

    Oct 7 16:37:13 blackrabbit saslauthd[1557]: auth_krb5: k5support_verify_tgt

    [root@blackrabbit ~]# saslauthd -a kerberos5 -d -V
    saslauthd[1555] :main : num_procs : 5
    saslauthd[1555] :main : mech_option: NULL
    saslauthd[1555] :main : run_path : /var/run/saslauthd
    saslauthd[1555] :main : auth_mech : kerberos5
    saslauthd[1555] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[1555] :detach_tty : master pid is: 0
    saslauthd[1555] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[1555] :main : using process model
    saslauthd[1555] :have_baby : forked child: 1556
    saslauthd[1556] :get_accept_lock : acquired accept lock
    saslauthd[1555] :have_baby : forked child: 1557
    saslauthd[1555] :have_baby : forked child: 1558
    saslauthd[1555] :have_baby : forked child: 1559
    saslauthd[1557] :rel_accept_lock : released accept lock
    saslauthd[1558] :get_accept_lock : acquired accept lock
    saslauthd[1557] :do_auth : auth failure: [user=william@REALM] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]

I have looked for help on this, and sadly can only find that I should have a host/fqdn@REALM principal in my /etc/krb5.keytab. I have already done this, however. /etc/hosts also corresponds with this correctly and my server's FQDN is listed inside.

(host/blackrabbit.realm@REALM)

My krb5kdc log shows:

    Oct 07 16:39:07 blackrabbit.realm krb5kdc[868](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1286431747, etypes {rep=16 tkt=16 ses=16}, william@REALM for krbtgt/REALM@REALM

I know that I am missing something obvious, but any help or suggestions would be appreciated.

Sincerely,

William Brown

pgp.mit.edu