
Re: sasl problem with Scientific Linux / RedHat but not with debian?!




Björn Nachtwey wrote:
dear all,

Oliver Liebel wrote:
you should be more specific when posting your questions:
used versions of openldap, cyrus sasl and kerberos (at last: mit / heimdal?)

openldap: 2.3.27
cyrus sasl: 2.1.22 (binary package and sources)
kerberos: k5 heimdal
mod_auth_kerb: 5.1.3
krb5-server: 1.6.1-17 (on kerberos-server, runs on a different server)
without any information about your config-files and posting of
a log-output with a high debug-level, it is quite difficult to answer
this at all.


running saslauthd with "-d", I got:

saslauthd[9800] :get_accept_lock : acquired accept lock
saslauthd[9800] :rel_accept_lock : released accept lock
saslauthd[9800] :do_auth : auth failure: [user=nachtwey]
[service=imap] [realm=]
empty realm?

maybe this could be helpful:
http://www.openldap.org/faq/data/cache/944.html
http://www.semicomplete.com/articles/openldap-with-saslauthd/#id2244822
[mech=kerberos5] [reason=saslauthd internal
error]
saslauthd[9800] :get_accept_lock : acquired accept lock,

I just wonder, because no /etc/sasl2db was created on the SL-machine
(but was on debian)
if you want to store your user/passwords in openldap,
you don't need sasldb2 at all

maybe you should take a look at the debug-output of slapd first.

as long as sasl does not work, i do not mention slapd ;-) but: slapd runs fine if I neglect the authentication problem by sasl

Björn Nachtwey wrote:
Dear all,

I set up an ldap server and want to use sasl/kerberos5 for
authentication.
you mean: gssapi

no, i mean kerberos5

well, using debian/etch it works fine.
using scientific linux 5.1 (SL5.1) it does not work, not even
testsaslauthd works.

the configuration of both systems is the same,
snippets of the config-files...

cat /etc/krb5.conf @ SL-machine:

[realms]
 TU-BS.de = {
  kdc = rzkrb1.rz.tu-bs.de
  kdc = rzkrb2.rz.tu-bs.de
  admin_server = rzafs7.rz.tu-bs.de
 }

[domain_realm]
 tu-bs.de = TU-BS.de
 .tu-bs.de = TU-BS.de

cat /etc/krb5.conf @ Debian/Etch:

[realms]
        TU-BS.DE = {
                kdc = rzkrb1.rz.tu-bs.de
                admin_server = rzafs7.rz.tu-bs.de
        }

[domain_realm]
        .tu-bs.de = TU-BS.DE
        tu-bs.de = TU-BS.DE


cat /etc/default/saslauthd @ Debian/Etch:

START=yes
MECHANISMS="kerberos5"
MECH_OPTIONS=""
THREADS=3
OPTIONS="-c"

cat /etc/sysconfig/saslauthd @ SL51

SOCKETDIR=/var/run/saslauthd
correct owner/rights on socketdir and socket ?
(typical  /var/run/saslauthd/mux  )
just a guess...
MECH=kerberos5
FLAGS=

but it's the same if I do the saslauthd start with

saslauthd -a kerberos5 -n 1

on both machines: debian works, SL does not :-(


thanks,

Björn

besides hostname gives on
debian just the name and on SL5.1 the FQN.

i also tried to compile cyrus/sasl from sources -- just the same.

sl being a clone of RHEL, does anyone have the same problem?
does anyone have any idea?

thanks & best regards,

Björn
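
Added example (not part of the original thread): Kerberos realm names are case-sensitive, so when two hosts are meant to share a krb5.conf it helps to compare the files case-aware, section by section. The Python below does that for sample strings abridged from the two snippets quoted above; the names flatten and compare are made up for this example.

```python
# Constructed sample input, abridged from the two krb5.conf snippets in the thread.
SL51 = """[realms]
 TU-BS.de = {
  kdc = rzkrb1.rz.tu-bs.de
  kdc = rzkrb2.rz.tu-bs.de
 }
[domain_realm]
 tu-bs.de = TU-BS.de
"""
ETCH = """[realms]
 TU-BS.DE = {
  kdc = rzkrb1.rz.tu-bs.de
 }
[domain_realm]
 tu-bs.de = TU-BS.DE
"""

def flatten(text):
    """Map 'section/subsection/key' paths to value lists for a krb5.conf fragment."""
    out, path = {}, []
    lines = (l.strip() for l in text.splitlines())
    for line in (l for l in lines if l and l[0] not in "#;"):
        key, _, val = (p.strip() for p in line.partition("="))
        if line.startswith("[") and line.endswith("]"):
            path = [line[1:-1]]          # new top-level section
        elif line == "}":
            path = path[:-1]             # close a { ... } subsection
        elif val == "{":
            path.append(key)             # open a subsection, e.g. a realm
        else:
            out.setdefault("/".join(path + [key]), []).append(val)
    return out

def compare(a, b):
    """Return (kind, detail) findings; paths are paired ignoring case, then compared exactly."""
    findings, fold_b = [], {k.lower(): k for k in b}
    for ka in sorted(a):
        kb = fold_b.pop(ka.lower(), None)
        if kb is None:
            findings.append(("only-in-first", ka))
            continue
        if ka != kb:
            findings.append(("case", f"{ka} vs {kb}"))
        if a[ka] != b[kb]:
            findings.append(("value", f"{ka}: {a[ka]} vs {b[kb]}"))
    return findings + [("only-in-second", k) for k in sorted(fold_b.values())]

if __name__ == "__main__":
    print(*compare(flatten(SL51), flatten(ETCH)), sep="\n")
```

To compare real files, pass the contents of each host's /etc/krb5.conf to flatten() instead of the sample strings.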