Re: using saslauthd to authenticate against multiple kerberos realms

From: Jeremy Rumpf (no email)
Date: Thu Dec 30 2004 - 13:41:46 EST

  • Next message: Winston Ford: "mysql.h not found, but exists"

    [snip]
    > Saslauthd is started as "saslauthd -a kerberos5 -r"
    >
    > I have host/foobar.domain.com/REALM1 and host/foobar.domain.com/REALM2
    > keys in krb5.keytab file.
    >
    > On the KDC for REALM2, the error that gets logged is:

    Try saslauthd without the -r switch. This causes it to append the username and
    realm together for mechs that aren't realm aware.

    >
    > krb5kdc[10449](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 1.2.3.4(88):
    > ISSUE: authtime 1104430256, etypes {rep=16 tkt=16 ses=16}, user2 at REALM2
    > for krbtgt/REALM2 at REALM2
    >

    HTH,
    Jeremy


  • Next message: Winston Ford: "mysql.h not found, but exists"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD