
Re: sasl problem with Scientific Linux / RedHat but not with debian?!



dear all,

Oliver Liebel wrote:
> you should be more specific when posting your questions:
> used versions of openldap, cyrus sasl and kerberos (at last: mit / heimdal?)

openldap:      2.3.27
cyrus sasl:    2.1.22 (binary package and sources)
kerberos:      k5 heimdal
mod_auth_kerb: 5.1.3
krb5-server:   1.6.1-17 (on kerberos-server, runs on a different server)

> without any information about your config-files and posting of
> a log-output with a high debug-level, it is quite difficult to answer
> this at all.

running saslauthd with "-d", I got:

saslauthd[9800] :get_accept_lock : acquired accept lock
saslauthd[9800] :rel_accept_lock : released accept lock
saslauthd[9800] :do_auth         : auth failure: [user=nachtwey] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
saslauthd[9800] :get_accept_lock : acquired accept lock,

I just wonder, because no /etc/sasl2db was created on the SL-machine
(but was on debian)

> maybe you should take a look at the debug-output of slapd first.

as long as sasl does not work, i do not mention slapd ;-)
but: slapd runs fine if I neglect the authentication problem by sasl

> 
> Björn Nachtwey wrote:
> > Dear all,
> >
> > I set up a ldap server and want to use sasl/kerberos5 for
> > authentication.
> >   
> you mean: gssapi

no, i mean kerberos5

> > well, using debian/etch it works fine.
> > using scientific linux 5.1 (SL5.1) it does not work, not even
> > testsaslauthd works.
> >
> > the configuration of both systems is the same, 
> snippets of the config-files...

cat /etc/krb5.conf @ SL-machine:

[realms]
 TU-BS.de = {
  kdc = rzkrb1.rz.tu-bs.de
  kdc = rzkrb2.rz.tu-bs.de
  admin_server = rzafs7.rz.tu-bs.de
 }

[domain_realm]
 tu-bs.de = TU-BS.de
 .tu-bs.de = TU-BS.de

cat /etc/krb5.conf @ Debian/Etch:

[realms]
        TU-BS.DE = {
                kdc = rzkrb1.rz.tu-bs.de
                admin_server = rzafs7.rz.tu-bs.de
        }

[domain_realm]
        .tu-bs.de = TU-BS.DE
        tu-bs.de = TU-BS.DE


cat /etc/default/saslauthd @ Debian/Etch:

START=yes
MECHANISMS="kerberos5"
MECH_OPTIONS=""
THREADS=3
OPTIONS="-c"

cat /etc/sysconfig/saslauthd @ SL51

SOCKETDIR=/var/run/saslauthd
MECH=kerberos5
FLAGS=

but it's the same if I do the saslauthd start with

saslauthd -a kerberos5 -n 1

on both machines: debian works, SL does not :-(


thanks,

Björn

> > besides hostname gives on
> > debian just the name and on SL5.1 the FQN.
> >
> > i also tried to compile cyrus/sasl from sources -- just the same.
> >
> > sl being a clone of RHEL, does anyone have the same problem?
> > does anyone have any idea?
> >
> > thanks & best regards,
> >
> > Björn
> >   
-- 
########################################################################
Dipl.-Ing. Björn Nachtwey
Technische Universität Carolo-Wilhelmina zu Braunschweig
Gauss-IT-Zentrum (GITZ) -- Abteilung Server
Hans-Sommer-Straße 65,  38106 Braunschweig
Telephone: +49 (0)531 / 391 - 5535
TeleFax:  +49 (0)531 / 391 - 5549
http://www.tu-braunschweig.de/it
mailto: b.nachtwey@tu-bs.de
mailto: c0034031@tu-bs.de
########################################################################
PGP key:
http://www-public.tu-bs.de:8080/~nachtwey/bjoern_nachtwey.asc
PGP-Fingerprint:
B472 526A A903 4AEB 9269 EC0B 9CDE 7465 CE87
########################################################################
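
A quick way to diff the two krb5.conf snippets posted in the message above, added here as an example and not part of the original post. Kerberos realm names are case-sensitive, so the check reports realms that match only case-insensitively, along with per-key differences; `parse_krb5` and `compare` are hypothetical helper names.

```python
import re
# krb5.conf snippets from the message above (indentation normalised).
SL_CONF = """[realms]
 TU-BS.de = {
  kdc = rzkrb1.rz.tu-bs.de
  kdc = rzkrb2.rz.tu-bs.de
  admin_server = rzafs7.rz.tu-bs.de
 }
[domain_realm]
 tu-bs.de = TU-BS.de
 .tu-bs.de = TU-BS.de
"""
DEBIAN_CONF = """[realms]
 TU-BS.DE = {
  kdc = rzkrb1.rz.tu-bs.de
  admin_server = rzafs7.rz.tu-bs.de
 }
[domain_realm]
 .tu-bs.de = TU-BS.DE
 tu-bs.de = TU-BS.DE
"""
def parse_krb5(text):
    # Returns {section: {block: {key: [values]}}}; top-level relations use block "".
    conf, section, block = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = m.group(1), ""
        elif line == "}":
            block = ""
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            block = m.group(1)
            conf.setdefault(section, {}).setdefault(block, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            conf.setdefault(section, {}).setdefault(block, {}).setdefault(key, []).append(value)
    return conf
def compare(a, b):
    # Findings: realms equal only case-insensitively, then per-key value differences.
    out = []
    ra_all, rb_all = a.get("realms", {}), b.get("realms", {})
    for ra, rb in ((x, y) for x in ra_all for y in rb_all if x.lower() == y.lower()):
        if ra != rb:
            out.append(f"realm case differs: {ra} vs {rb}")
        for key in sorted(ra_all[ra].keys() | rb_all[rb].keys()):
            if ra_all[ra].get(key) != rb_all[rb].get(key):
                out.append(f"{key} differs: {ra_all[ra].get(key)} vs {rb_all[rb].get(key)}")
    return out

print("\n".join(compare(parse_krb5(SL_CONF), parse_krb5(DEBIAN_CONF))))
```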