SASL authentication

Michael Ströder michael at
Mon Mar 23 15:22:06 EDT 2009

Xu, Qiang (FXSGSC) wrote:
> Yes, now I am also suspecting something is wrong with DNS settings.
> But I don't know how to check them. Could you give me some examples?

Use nslookup.exe on host name and IP address. They must match.

> [libdefaults]
>  default_realm =
> [..]
> In this configuration file, "durian" is the hostname of the client
> machine. Is there anything wrong with it?

I'm confused. Why do you put in here.

default_realm MUST point to a Kerberos realm. In a MS AD environment
this is simply the upper-case DNS domain name of the AD domain.

> [realms]
>  SESSWIN2003.COM = {
>   kdc =
Is that the IP address of your AD domain controller? Is SESSWIN2003.COM
your AD domain?

> = {
>   kdc =
>   admin_server =
>  }

Likely you should remove that.

You should try to find a working setup with AD using your favourite
search engine. Please read a little bit more what the different
parameters really mean.

Ciao, Michael.

More information about the Kerberos mailing list