Re: SASL Authentication

[Howard Chu <hyc@symas.com>]

Ammar T. Al-Sayegh wrote:

> > There is a long list of libs in /usr/lib/sasl2.
> > Which one should I delete?
>
>
> Now I realize that it will check methods according
> to listed libs in certain order. Since I had previous
> installation of sasl2, the old libs were there even
> though I have the --disable option. So I deleted the
> whole /usr/lib/sasl2 directory and recompiled. Now
> I get SASL/DIGEST-MD5 as default.
>
> New problem though, the autentication is failing for
> root:
>
> # ldapwhoami -U root
> SASL/DIGEST-MD5 authentication started
> Please enter your password: ldap_sasl_interactive_bind_s: Internal
>        (implementation specific) error (80)
>            additional info: SASL(-13):
>                user not found: no secret in database
>
> But I started saslauthd as:
>
>    saslauthd -a shadow
>
> and root does exist in the shadow file. So why does it
> think that it's doesn't exist?
>
> I'm moving from shadow to ldap, but I wanted to verify
> with shadow first before I migrate to ldap.

Problems with Cyrus SASL should be directed to the mailing lists managed 
by the Cyrus project. If you have not gotten the Cyrus SASL 
sample-client and sample-server working yet then you have a broken SASL 
config, and how to fix that does not belong on the OpenLDAP-software 
mailing list.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support