Bug#525785: sasl2-bin: saslauthd with kerberos5 doesn't work

Sun Feb 9 15:21:01 UTC 2014

On  8.02.14 18:41, Roberto C. Sánchez wrote:
> 
> I am going through all the old bugs against cyrus-sasl2, and I wanted to
> see if you had any more information on this.  I did a little
> investigating, and I found this in the saslauthd source code
> (auth_krb5.c):
> 
>     if (config) {
>         keytabname = cfile_getstring(config, "krb5_keytab", keytabname);
>         verify_principal = cfile_getstring(config, "krb5_verify_principal", verify_principal);
>     }
> 
> I know that Russ previously suggested that you might have KRB5_KTNAME
> set elsewhere in the environment, and you said you did not.  Is there a
> chance that you have a saslauthd or other sasl configuration file that
> specifies the "krb5_keytab" option?

Not that I am aware of.

> I think that might explain the behavior you are seeing.  I have tried to
> replicate the behavior you see on your system with my own system, but on
> my system the library uses the default /etc/krb5.keytab location without
> me having to specify it anywhere.

I don't know if this is importend or not, but I'm using Heimdal Kerberos and
not the MIT Libraries:

dpkg -l | grep sasl
ii  libsasl2-2                                        2.1.23.dfsg1-7                      Cyrus SASL - authentication abstraction library
ii  libsasl2-modules                                  2.1.23.dfsg1-7                      Cyrus SASL - pluggable authentication modules
ii  libsasl2-modules-gssapi-heimdal                   2.1.23.dfsg1-7                      Pluggable Authentication Modules for SASL (GSSAPI)
ii  sasl2-bin                                         2.1.23.dfsg1-7                      Cyrus SASL - administration programs for SASL users database

But never mind. In the meantime I don't use saslauthd anymore.

Regards
Friedemann