Re: Trying to get passthrough auth working with OpenLDAP and Kerberos
On 01/27/12 10:43 -0800, Chastity Blackwell wrote:
> Huh...well, what do you know, that works. Why is that though? I thought
> you had to specify a realm for it to work?
Whether or not you use a realm is up to you. If you have multiple Kerberos
realms, then you're going to need to specify one.
However, the reason this works is that:
[chas@ldapsandbox ~]$ /usr/sbin/testsaslauthd -u chas -p test -s ldap
0: OK "Success."
is simply passing a username to saslauthd, with no realm or domain. The
Kerberos backend, via your Kerberos libraries, is using the default realm
to authenticate you.
To further troubleshoot why '{SASL}user@realm' does not work, you should
first verify that it works with testsaslauthd (-u chas@REALM), and if it
doesn't, bring the problem over to the cyrus-sasl@lists.andrew.cmu.edu
list.
--
Dan White