
Re: kpasswd



Today at 8:37am, Allan Streib wrote:

>
> On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:
>
> > Today at 8:20am, Igor Brezac wrote:
> >
> >> On Tue, 21 Oct 2003, Frank Swasey wrote:
> >>
> >>> I have a /usr/lib/sasl2/slapd.conf which contains
> >>> pwcheck_check: saslauthd
> >>> saslauthd_path: /var/run/saslauthd
> >>
> >> You need
> >> saslauthd_path: /var/run/saslauthd/mux
>
> Be sure that the user that slapd runs under ('ldap', in my case) has rw
> access to that socket.  E.g. on my system:
>
>    $ ll -d /var/state/saslauthd/
>    drwxrwxr-x    3 root     ldap         4096 Oct 17 16:03 /var/state/saslauthd/

Ok, I've changed /var/run/saslauthd so it is the same as yours...

> > Ok, I've done that and restarted slapd -- no change.  How do I verify
> > that /usr/lib/sasl2/slapd.conf is the correct filename?
>
> In my system it's /usr/local/lib/sasl2/slapd.conf.  I built Cyrus-SASL
> 2.1.15 from source.  I would guess that if your SASL is from a RedHat
> RPM that /usr/lib is correct.

/usr/lib/sasl2 is the path that is in the slapd binary.

>
> > Why am I getting these lines in syslog?
> >
> > Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Failure: Invalid credentials
> > Oct 21 08:39:41 marmot slapd[13907]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
>
> I don't *think* that is a fatal error, more just a warning.  But you
> can create /etc/sasldb2 using the saslpasswd command -- I just created
> a user and then deleted it, which left the /etc/sasldb2 file in place:
>
> saslpasswd -c foo
> saslpasswd -d foo

Oops... Redhat... saslpasswd2 for me ...  because saslpasswd is the 1.5
version :-(

> Make sure your ldap user account (or whatever you've called it) can
> read this file.  That stopped the complaints about /etc/sasldb2 in my
> logs, but again I don't think that's really your problem.  If that
> fixes it, though, please add a follow-up to the FAQ on this topic.

Yup, it stopped the complaints, but it still doesn't work...

> > Who needs to own and what should the permissions be on
> > /usr/lib/sasl2/slapd.conf?
>
> In my system it's owned by root and readable by all.

Same here...

Ok... who's the SASL expert about why this won't work, but the facility
that is so broken that it is being removed still works.....  Kurt???

Frank
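
A check for the points raised in this thread, as an added example that is not from any poster or from the Cyrus SASL or OpenLDAP projects: it parses a SASL application config, flags option names outside a small list chosen for this example, and verifies that saslauthd_path names a UNIX socket the current user can read and write. The function names and the option list are assumptions of the example; run it as the account slapd runs under so the access test reflects that user.

```python
import os
import stat

# Subset of Cyrus SASL option names, chosen for this example (not exhaustive).
KNOWN_OPTIONS = {"pwcheck_method", "saslauthd_path", "mech_list"}

def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a SASL application config such as slapd.conf."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        opts[key.strip()] = value.strip()
    return opts

def check_sasl_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_sasl_conf(text)
    findings = [f"unrecognised option: {k}" for k in opts if k not in KNOWN_OPTIONS]
    if opts.get("pwcheck_method") != "saslauthd":
        findings.append("pwcheck_method is not set to saslauthd")
    path = opts.get("saslauthd_path")
    if not path:
        findings.append("saslauthd_path is not set")
        return findings
    try:
        # Fails with "Permission denied" if a parent directory is not traversable.
        mode = os.stat(path).st_mode
    except OSError as exc:
        findings.append(f"cannot stat {path}: {exc.strerror}")
        return findings
    if stat.S_ISDIR(mode):
        findings.append(f"{path} is a directory; point saslauthd_path at the mux socket inside it")
    elif not stat.S_ISSOCK(mode):
        findings.append(f"{path} is not a UNIX socket")
    elif not os.access(path, os.R_OK | os.W_OK):
        findings.append(f"{path} is not readable and writable by uid {os.getuid()}")
    return findings

if __name__ == "__main__":
    import sys
    # Default is the config path named in the thread; pass another as argv[1].
    conf = sys.argv[1] if len(sys.argv) > 1 else "/usr/lib/sasl2/slapd.conf"
    with open(conf) as fh:
        for finding in check_sasl_conf(fh.read()):
            print(finding)
```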