domain trusts => saslauthd

kerberos@mynx.org kerberos at mynx.org
Mon Sep 24 09:36:55 EDT 2007


hello folks,

I'm not quite sure if this fits in here, but anyway maybe some one can  
help me.
I got a problem with domain trusts and saslauthd.
To be specific, I got a kerberos domain(UNIX.SAMPLE.COM) and an active  
directory domain(WIN.SAMPLE.COM).
I made an one way trust, so windows user can login onto the unix hosts.
On the unix shell kinit user at WIN.SAMPLE.COM is working.
But if I do the same with testsaslauthd -u user -p password -r WIN.SAMPLE.COM
i'm getting 0: NO "authentication failed"

logs are filled with...

syslog:
Sep 24 15:28:29 host01 saslauthd[4265]: auth_krb5: k5support_verify_tgt
Sep 24 15:28:29 host01 saslauthd[4265]: do_auth         : auth  
failure: [user=user] [service=imap] [realm=WIN.SAMPLE.COM]  
[mech=kerberos5] [reason=saslauthd internal error]

krb5kdc.log:
Sep 24 15:28:29 host01.unix.sample.com krb5kdc[4634](info): TGS_REQ (7  
etypes {18 17 16 23 1 3 2}) 192.168.2.10: PROCESS_TGS: authtime 0,   
<unknown client> for host/host01.unix.sample.com at UNIX.SAMPLE.COM, Key  
table entry not found
Sep 24 15:28:29 host01.unix.sample.com krb5kdc[4634](info): TGS_REQ (7  
etypes {18 17 16 23 1 3 2}) 192.168.2.10: PROCESS_TGS: authtime 0,   
<unknown client> for host/host01.unix.sample.com at UNIX.SAMPLE.COM, Key  
table entry not found

any ideas?

regards
Rainhard

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





More information about the Kerberos mailing list