
krb5_verify_user_opt failed



I'm trying to get sasl to authenticate users.  I've got my kerberos
realm set up, and have a user added.  I can do kinit and get a ticket
for the user.

I can use testsaslauthd to authenticate fine with saslauthd running as:

/usr/local/sbin/saslauthd -a shadow

So, I restarted saslauthd with:

/usr/local/sbin/saslauthd -a kerberos5

ran testsaslauthd like:

./testsaslauthd -u jdoe -p somepass -r someschool.edu

The result is:

0: NO "authentication failed"

and I get the following error in syslog:

Sep  1 18:19:43 ldap-1 saslauthd[8633]: do_auth         : auth failure: [user=jdoe] [service=imap] [realm=someschool.edu] [mech=kerberos5] [reason=krb5_verify_user_opt failed]

Has anyone run into this issue?

I'm using:

Fedora Core 4
cyrus-sasl-2.1.22
db-4.3.28.NC
heimdal-0.7
openldap-2.2.26
openssl-0.9.8

An output of ktutil is:

[root@ldap-1 saslauthd]# /usr/heimdal/sbin/ktutil list
FILE:/etc/krb5.keytab:

Vno  Type                     Principal
 1  des-cbc-md5              ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-md4              ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-crc              ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  aes256-cts-hmac-sha1-96  ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des3-cbc-sha1            ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  arcfour-hmac-md5         ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-md5              host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-md4              host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-crc              host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  aes256-cts-hmac-sha1-96  host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des3-cbc-sha1            host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  arcfour-hmac-md5         host/ldap-1.someschool.edu@SOMESCHOOL.EDU

krb4:/etc/srvtab:

Vno  Type         Principal
 1  des-cbc-md5  ldap/ldap-1.someschool.edu@SOMESCHOOL.EDUU
 1  des-cbc-md4  ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-crc  ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-md5  host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-md4  host/ldap-1.someschool.edu@SOMESCHOOL.EDU
 1  des-cbc-crc  host/ldap-1.someschool.edu@SOMESCHOOL.EDU