Re: SASL Passthrough no request

On 12/30/15 08:40 +0000, Küchler, Simon wrote:
Our password authentication should use SASL but we don't see any requests
in our logs or by tcpdump.

The password authentication should work as follows:

- userPassword-Attribute: {SASL}User@Domain
- saslauthd -> use PAM
- PAM -> use kerberos
- kerberos -> send request to Active-Directory Server

Configuration files:
lshxx0693:~ # cat /etc/sasl2/slapd.conf
mech_list: plain login
pwcheck_method: saslauthd

lshxx0693:~ # cat /etc/sysconfig/saslauthd

lshxx0693:~ # cat /etc/pam.d/ldap
auth     required          pam_krb5.so no_user_check
account required        pam_permit.so

lshxx0693:~ # cat /etc/krb5.conf

           default_realm = INT.IT.DPP
           dns_lookup_kdc = true

           INT.IT.DPP = {
               kdc =
               kdc =


Is testsaslauthd successful? If not, address that first (on the Cyrus SASL
mailing list).

If you're still having issues, run saslauthd in debug mode, and verify your
slapd process is communicating with the saslauthd mux. Verify it is
writable by the slapd process.

Dan White
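
The last check suggested in the reply above (that the saslauthd mux is reachable and writable by the slapd process) can be scripted as below. This is an added example, not part of the original message or of either project; the function name `check_mux`, the mux path `/run/sasl2/mux` and the account name `ldap` are assumptions to adjust for your system.

```bash
#!/usr/bin/env bash
# Added example: checks whether the CURRENT user can reach a saslauthd mux socket.
# Run it as the account slapd runs under, e.g. (account name and path are
# assumptions, adjust to your system):
#   sudo -u ldap bash check_mux.sh /run/sasl2/mux
# Return codes: 0 ok, 1 missing or not a socket, 2 directory not searchable,
#               3 socket not writable, 64 path not absolute.
check_mux() {
    local mux dir rest
    mux="$1"
    case "$mux" in
        /*) ;;
        *) echo "mux path must be absolute: $mux" >&2; return 64 ;;
    esac
    dir=/
    rest="${mux%/*}"; rest="${rest#/}"
    # Walk the parent directories top-down: connecting needs search (x)
    # permission on every one of them.
    while :; do
        if [ ! -d "$dir" ]; then
            echo "not a directory: $dir" >&2; return 1
        fi
        if [ ! -x "$dir" ]; then
            echo "$(id -un) cannot traverse $dir" >&2; return 2
        fi
        if [ -z "$rest" ]; then break; fi
        dir="${dir%/}/${rest%%/*}"
        case "$rest" in
            */*) rest="${rest#*/}" ;;
            *)   rest="" ;;
        esac
    done
    if [ ! -S "$mux" ]; then
        echo "$mux is not a socket (is saslauthd running with this mux path?)" >&2
        return 1
    fi
    # connect() on a UNIX socket needs write permission on the socket file.
    if [ ! -w "$mux" ]; then
        echo "$(id -un) cannot write to $mux" >&2; return 3
    fi
    echo "ok: $(id -un) can reach $mux"
}

if [ "$#" -gt 0 ]; then check_mux "$1"; fi
```

A result of 2 or 3 when run as the slapd account, but 0 when run as root, points at directory or socket permissions rather than at PAM or Kerberos.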