Problem with SASL authentication against Kerberos5 (Windows Active
Directory)
Martin Schweizer
office at pc-service.ch
Tue Sep 28 08:26:07 UTC 2010
Hello
My system:
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #2: Tue Aug 31 17:07:54 CEST
2010 :/usr/obj/usr/src/sys/GENERIC i386
Relevant part of the installed software:
# pkg_info|grep cyrus
cyrus-imapd-2.3.16_2 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
Kerberos5 settings:
They are all ok, because I can these cross check by using kinit (and
such tools), ldapsearch and of course the security event protocol of
the domain controllers. So I can say all this is ok.
/etc/rc.conf:
[snip]
saslauthd_enable="YES"
saslauthd_flags="-a kerberos5"
I use three of the above servers and with two of them I have no such
problems. Here what is going wrong:
After I update all my ports I can no longer authenticate against
Kerberos5. The test with testsaslauthd -u usernamex -p passwordx ends
always in
0: NO "authentication failed". In /var/log/auth.log I can see Sep 24
08:07:28 saslauthd[83827]: do_auth : auth failure: [user=martin]
[service=imap] [realm=] [mech=kerberos5] [reason=krb5_verify_user_opt
failed]. What's intressting if I use saslauthd_flags="-a pam" then all
is working as expected. And again before the update all worked without
any problems. Any ideas?
Regards,
--
Martin Schweizer
<office at pc-service.ch>
PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22
More information about the freebsd-questions
mailing list