Bug#525785: sasl2-bin: saslauthd with kerberos5 doesn't work
Roberto C. Sánchez
roberto at connexer.com
Sat Feb 8 23:41:18 UTC 2014
On Mon, Apr 27, 2009 at 05:15:54PM +0200, Friedemann Stoyan wrote:
> Roberto C. Sánchez wrote:
>
> >Is it being set in the init script prior to the defaults file being
> >read?
>
> No. In general there is no need to set KRB5_KTNAME. If it is unset
> the default (/etc/krb5.keytab) is used. But not from saslauthd.
>
Hi Freidmann,
I am going through all the old bugs against cyrus-sasl2, and I wanted to
see if you had any more information on this. I did a little
investigating, and I found this in the saslauthd source code
(auth_krb5.c):
if (config) {
keytabname = cfile_getstring(config, "krb5_keytab", keytabname);
verify_principal = cfile_getstring(config, "krb5_verify_principal", verify_principal);
}
I know that Russ previously suggested that you might have KRB5_KTNAME
set elsewhere in the environment, and you said you did not. Is there a
chance that you have a saslauthd or other sasl configuration file that
specifies the "krb5_keytab" option?
I think that might explain the behavior you are seeing. I have tried to
replicate the behavior you see on your system with my own system, but on
my system the library uses the default /etc/krb5.keytab location without
me having to specify it anywhere.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20140208/e330ef04/attachment-0001.sig>
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list