domain trusts => saslauthd

Rainhard Vladyka kerberos at mynx.org
Mon Sep 24 10:55:51 EDT 2007


Hello,

its working now.
It was a trust related issue.
I made now a two-way trust and I'm getting now a ticket.

thx
Rainhard


Quoting kerberos at mynx.org:

> hello folks,
>
> I'm not quite sure if this fits in here, but anyway maybe some one can
> help me.
> I got a problem with domain trusts and saslauthd.
> To be specific, I got a kerberos domain(UNIX.SAMPLE.COM) and an active
> directory domain(WIN.SAMPLE.COM).
> I made an one way trust, so windows user can login onto the unix hosts.
> On the unix shell kinit user at WIN.SAMPLE.COM is working.
> But if I do the same with testsaslauthd -u user -p password -r WIN.SAMPLE.COM
> i'm getting 0: NO "authentication failed"
>
> logs are filled with...
>
> syslog:
> Sep 24 15:28:29 host01 saslauthd[4265]: auth_krb5: k5support_verify_tgt
> Sep 24 15:28:29 host01 saslauthd[4265]: do_auth         : auth
> failure: [user=user] [service=imap] [realm=WIN.SAMPLE.COM]
> [mech=kerberos5] [reason=saslauthd internal error]
>
> krb5kdc.log:
> Sep 24 15:28:29 host01.unix.sample.com krb5kdc[4634](info): TGS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.2.10: PROCESS_TGS: authtime 0,
> <unknown client> for host/host01.unix.sample.com at UNIX.SAMPLE.COM, Key
> table entry not found
> Sep 24 15:28:29 host01.unix.sample.com krb5kdc[4634](info): TGS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.2.10: PROCESS_TGS: authtime 0,
> <unknown client> for host/host01.unix.sample.com at UNIX.SAMPLE.COM, Key
> table entry not found
>
> any ideas?
>
> regards
> Rainhard
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





More information about the Kerberos mailing list