Bug#525785: sasl2-bin: saslauthd with kerberos5 doesn't work
Friedemann Stoyan
fstoyan at swapon.de
Sun Feb 9 15:21:01 UTC 2014
On 8.02.14 18:41, Roberto C. Sánchez wrote:
>
> I am going through all the old bugs against cyrus-sasl2, and I wanted to
> see if you had any more information on this. I did a little
> investigating, and I found this in the saslauthd source code
> (auth_krb5.c):
>
> if (config) {
> keytabname = cfile_getstring(config, "krb5_keytab", keytabname);
> verify_principal = cfile_getstring(config, "krb5_verify_principal", verify_principal);
> }
>
> I know that Russ previously suggested that you might have KRB5_KTNAME
> set elsewhere in the environment, and you said you did not. Is there a
> chance that you have a saslauthd or other sasl configuration file that
> specifies the "krb5_keytab" option?
Not that I am aware of.
> I think that might explain the behavior you are seeing. I have tried to
> replicate the behavior you see on your system with my own system, but on
> my system the library uses the default /etc/krb5.keytab location without
> me having to specify it anywhere.
I don't know if this is importend or not, but I'm using Heimdal Kerberos and
not the MIT Libraries:
dpkg -l | grep sasl
ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstraction library
ii libsasl2-modules 2.1.23.dfsg1-7 Cyrus SASL - pluggable authentication modules
ii libsasl2-modules-gssapi-heimdal 2.1.23.dfsg1-7 Pluggable Authentication Modules for SASL (GSSAPI)
ii sasl2-bin 2.1.23.dfsg1-7 Cyrus SASL - administration programs for SASL users database
But never mind. In the meantime I don't use saslauthd anymore.
Regards
Friedemann
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list