Re: sasl Kerberos authentication with subordinate

On 12/31/12 11:19 -0800, Wu, James C. wrote:
I have tested that the LDAP authentication through saslauthd using
Kerberos works well on both the internal ldap and Kerberos pair and the
external ldap Kerberos pair.

How did you verify authentication was working with your internal server?

For example, when I used "su - peter" where peter is a user in the
external ldap server and the password is {SASL}peter@EXAMPLE.COM, the
authentication works. However, when I use "su - James" where james is a
user defined in the internal ldap server with password
{SASL}james@SUB.EXAMPLE.COM, then the authentication failed. I checked
the log file; the internal server did get the search request forwarded
from the external ldap server and returned the correct information back.
However, I did not see the saslauthd process on either the external or
the internal ldap server get any inquiry for the authentication.

On 01/02/13 14:52 -0800, Wu, James C. wrote:
When I added uid to the -D flag in ldapwhoami, it failed on both
the external and internal ldap servers.

ldapwhoami -x -H ldap://internalldap -D "uid=peter,ou=People,ou=sub,dc=example,dc=com" -w password
ldapwhoami -x -H ldap://externalldap -D "uid=peter,ou=People,ou=sub,dc=example,dc=com" -w password

How does this second command (against your internal server) differ from the
above verification?

Dan White