Re: SASL Passthrough no request

[Dan White <dwhite@cafedemocracy.org>]

On 12/30/15 08:40 +0000, Küchler, Simon wrote:
> Our password authetication should use SASL but we don't see any requests
> in our Logs or by tcpdump.
>
> The password authentication should work as follows
>
> - userPassword-Attribute: {SASL}User@Domain
> - saslauthd -> use PAM
> - PAM -> use kerberos
> - kerberos -> send request to Active-Directory Server

> Configuration files:
> ----------------------------
> lshxx0693:~ # cat /etc/sasl2/slapd.conf
> mech_list: plain login
> pwcheck_method: saslauthd
>
> lshxx0693:~ # cat /etc/sysconfig/saslauthd
> SASLAUTHD_AUTHMECH=pam
> SASLAUTHD_THREADS=5
> SASLAUTHD_PARAMS="-r"
>
> lshxx0693:~ # cat /etc/pam.d/ldap
> auth     required          pam_krb5.so no_user_check
> account required        pam_permit.so

> lshxx0693:~ # cat /etc/krb5.conf
>
> [libdefaults]
>            default_realm = INT.IT.DPP
>            dns_lookup_kdc = true
>
> [realms]
>            INT.IT.DPP = {
>                kdc = 10.150.10.10
>                kdc = 10.150.10.10
>        }
>
> [logging]
>    default = SYSLOG:NOTICE:DAEMON

Is testsaslauthd successful? If not, address that first (on the cyrus sasl
mailing list).

If you're still having issues, run saslauthd in debug mode, and verify your
slapd process is communicating with the saslauthd mux. Verify it is
writable by the slapd process.

--
Dan White