[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: sasl problem with Scientific Linux / RedHat but not with debian?!
dear all,
Oliver Liebel wrote:
> you should be more specific when posting your questions:
> used versions of openldap, cyrus sasl and kerberos (at last: mit / heimdal?)
openldap: 2.3.27
cyrus sasl: 2.1.22 (binary package and sources)
kerberos: k5 heimdal
mod_auth_kerb: 5.1.3
krb5-server: 1.6.1-17 (on kerberos-server, runs on a different server)
> without any information about your config-files and posting of
> a log-output with a high debug-level, it is quite difficult to answer
> this at all.
running saslauthd with "-d", I got:
saslauthd[9800] :get_accept_lock : acquired accept lock
saslauthd[9800] :rel_accept_lock : released accept lock
saslauthd[9800] :do_auth : auth failure: [user=nachtwey]
[service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal
error]
saslauthd[9800] :get_accept_lock : acquired accept lock,
I just wonder, because no /etc/sasl2db was created on the SL-machine
(but was on debian)
> maybe you should take a look at the debug-output of slapd first.
as long as sasl does not work, i do not mention slapd ;-)
but: slapd runs fine if I neglect the authentification problem by sasl
>
> BjÃrn Nachtwey schrieb:
> > Dear all,
> >
> > I set up a ldap server and want to use sasl/kerberos5 for
> > authetification.
> >
> you mean: gssapi
no, i mean kerberos5
> > well, using debian/etch it works fine.
> > using scientific linux 5.1 (SL5.1) it does not work, not even
> > testsaslauthd works.
> >
> > the configuration of both systems is the same,
> snippets of the config-files...
cat /etc/krb5.conf @ SL-machine:
[realms]
TU-BS.de = {
kdc = rzkrb1.rz.tu-bs.de
kdc = rzkrb2.rz.tu-bs.de
admin_server = rzafs7.rz.tu-bs.de
}
[domain_realm]
tu-bs.de = TU-BS.de
.tu-bs.de = TU-BS.de
cat /etc/krb5.conf @ Debian/Etch:
[realms]
TU-BS.DE = {
kdc = rzkrb1.rz.tu-bs.de
admin_server = rzafs7.rz.tu-bs.de
}
[domain_realm]
.tu-bs.de = TU-BS.DE
tu-bs.de = TU-BS.DE
cat /etc/default/saslauthd @ Debian/Etch:
START=yes
MECHANISMS="kerberos5"
MECH_OPTIONS=""
THREADS=3
OPTIONS="-c"
cat /etc/sysconfig/saslauthd @ SL51
SOCKETDIR=/var/run/saslauthd
MECH=kerberos5
FLAGS=
but it's the same if I do the saslauthd start with
saslauthd -a kerberos5 -n 1
on both maschines: debian works, SL does not :-(
thanks,
BjÃrn
> > besides hostname gives on
> > debian just the name and on SL5.1 the FQN.
> >
> > i also tried to compile cyrus/sasl from sources -- just the same.
> >
> > sl being a clone of RHEL, does anyone have the same problem?
> > does anyone have any idea?
> >
> > thanks & best regards,
> >
> > BjÃrn
> >
>
> ____________
> Virus checked by G DATA AntiVirusKit
> Version: AVK 18.4023 from 05.06.2008
> Virus news: www.antiviruslab.com
>
>
--
########################################################################
Dipl.-Ing. BjÃrn Nachtwey
Technische UniversitÃt Carolo-Wilhelmina zu Braunschweig
Gauss-IT-Zentrum (GITZ) -- Abteilung Server
Hans-Sommer-StraÃe 65, 38106 Braunschweig
Telephon: +49 (0)531 / 391 - 5535
TeleFax: +49 (0)531 / 391 - 5549
http://www.tu-braunschweig.de/it
mailto: b.nachtwey@tu-bs.de
mailto: c0034031@tu-bs.de
########################################################################
PGP-Schluessel:
http://www-public.tu-bs.de:8080/~nachtwey/bjoern_nachtwey.asc
PGP-Fingerprint:
B472 526A A903 4AEB 9269 EC0B 9CDE 7465 CE87
########################################################################