Re: Trying to get passthrough auth working with OpenLDAP and Kerberos



On 01/27/12 10:43 -0800, Chastity Blackwell wrote:
> Huh...well, what do you know, that works. Why is that though? I thought
> you had to specify a realm for it to work?

Whether or not you use a realm is up to you. If you have multiple Kerberos
realms, then you're going to need to specify one.

However, the reason this works is that:

[chas@ldapsandbox ~]$ /usr/sbin/testsaslauthd -u chas -p test -s ldap
0: OK "Success."

is simply passing a username to saslauthd, with no realm or domain. The
Kerberos backend, via your Kerberos libraries, is using the default realm
to authenticate you.

To further troubleshoot why '{SASL}user@realm' does not work, you should
first verify that it works with testsaslauthd (-u chas@REALM), and if it
doesn't, bring the problem over to the cyrus-sasl@lists.andrew.cmu.edu
list.

--
Dan White