Re: kpasswd
If you want SASL for just Kerberos -- disable building SASL with db
support and also disable _ALL_ plugins you don't plan on using. My
configure, which supports Sendmail, Cyrus IMAP and eventually OpenLDAP
with SASL support (still using kpasswd) -- this is from my RedHat RPM
for sasl 2.1.13. Also remember saslauthd checks the HOST ticket, not a
specific app, so you need host/hostname.domainname.edu for example, not
just ldap/hostname.

export LDFLAGS="-L/usr/kerberos/lib"
export CPPFLAGS="-I /usr/kerberos/include"
export CFLAGS="-I /usr/kerberos/include"
./configure --prefix=/usr \
    --with-dblib=no \
    --with-saslauthd=/var/lib/saslauthd \
    --enable-cram=no \
    --with-pam=no \
    --enable-digest=no \
    --enable-otp=no \
    --enable-srp=no \
    --enable-krb4=no \
    --enable-checkapop=no \
    --enable-gssapi

Allan Streib wrote:
>
> On Friday, October 17, 2003, at 11:13 AM, I wrote:
>
> > I'm running into some difficulty -- started saslauthd as:
> > saslauthd -a kerberos5
> >
> > Edited my userPassword attribute to be:
> >
> > userPassword: {SASL}astreib@IU.EDU
> >
> > I get an invalid credentials error trying to bind. Also tried
> > omitting the @IU.EDU and the same error. My ldap logs show:
> >
> > Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Error: unable to open
> > Berkeley db /etc/sasldb2: No such file or directory
> > Oct 17 11:06:56 slapd[30324]: SASL [conn=10] Failure: Invalid
> > credentials
>
> I created the /etc/sasldb2 and that made no difference (other than
> making that log message stop). Here's some more detailed logging -- if
> anyone can spot a clue here I'd appreciate some guidance. I'm thinking
> the "Converted SASL name to <nothing>" message might be a problem?
>
> .
> .
> .
> SASL Canonicalize [conn=1]: authcid="astreib@IU.EDU"
> slap_sasl_getdn: id=astreib@IU.EDU [len=14]
> getdn: u:id converted to uid=astreib,cn=IU.EDU,cn=auth
> >>> dnNormalize: <uid=astreib,cn=IU.EDU,cn=auth>
> => ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)
> <= ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(uid=astreib,cn=iu.edu,cn=auth,272)=0
> <<< dnNormalize: <uid=astreib,cn=iu.edu,cn=auth>
> ==>slap_sasl2dn: converting SASL name uid=astreib,cn=iu.edu,cn=auth to
> a DN
> slap_sasl_regexp: converting SASL name uid=astreib,cn=iu.edu,cn=auth
> <==slap_sasl2dn: Converted SASL name to <nothing>
> SASL Canonicalize [conn=1]: authcDN="uid=astreib,cn=iu.edu,cn=auth"
> slap_sasl_getdn: id=astreib@IU.EDU [len=0]
> getdn: u:id converted to uid=astreib,cn=IU.EDU,cn=auth
> >>> dnNormalize: <uid=astreib,cn=IU.EDU,cn=auth>
> => ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)
> <= ldap_bv2dn(uid=astreib,cn=IU.EDU,cn=auth,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(uid=astreib,cn=iu.edu,cn=auth,272)=0
> <<< dnNormalize: <uid=astreib,cn=iu.edu,cn=auth>
> ==>slap_sasl2dn: converting SASL name uid=astreib,cn=iu.edu,cn=auth to
> a DN
> slap_sasl_regexp: converting SASL name uid=astreib,cn=iu.edu,cn=auth
> <==slap_sasl2dn: Converted SASL name to <nothing>
> ldap_err2string
> SASL [conn=1] Failure: Invalid credentials
> .
> .
> .
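
The reply's point that saslauthd needs host/hostname.domainname.edu rather than just ldap/hostname can be checked against a keytab listing. This is an added example, not part of the original thread; the function name check_host_principal, the host ldap1.example.edu, the realm EXAMPLE.EDU and the sample listing are constructed for illustration, and the input is assumed to be plain MIT `klist -k` output.

```shell
#!/bin/sh
# Added example (not from the thread): confirm a keytab holds host/<fqdn>@<REALM>.
# Usage on a real server (path and realm are placeholders):
#   klist -k /etc/krb5.keytab | check_host_principal "$(hostname -f)" EXAMPLE.EDU

# check_host_principal FQDN REALM   (reads plain `klist -k` output on stdin)
# Returns 0 if host/FQDN@REALM is listed, 1 if only other service keys for
# that host are listed (e.g. ldap/), 2 if the keytab has no keys for the host.
check_host_principal() {
    awk -v fqdn="$1" -v realm="$2" '
        BEGIN {
            want = "host/" fqdn "@" realm
            tail = "/" fqdn "@" realm
            rc = 2
        }
        # Key entries start with a numeric KVNO; header lines do not.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            p = $2
            if (p == want) {
                rc = 0
            } else if (length(p) > length(tail) &&
                       substr(p, length(p) - length(tail) + 1) == tail) {
                others = others " " p
                if (rc == 2) rc = 1
            }
        }
        END {
            if (rc == 0)      print "ok: " want " is present"
            else if (rc == 1) print "missing " want "; found only:" others
            else              print "missing " want "; no keys for " fqdn
            exit rc
        }
    '
}

# Constructed sample listing: an ldap/ key but no host/ key.
SAMPLE_LDAP_ONLY='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 ldap/ldap1.example.edu@EXAMPLE.EDU'

printf '%s\n' "$SAMPLE_LDAP_ONLY" | check_host_principal ldap1.example.edu EXAMPLE.EDU || true
```

A return code of 1 is the situation the reply warns about: the service key exists but the host key saslauthd verifies against does not.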