SASL kerberos authentication problem




Hi all,

I'm trying to use SASL to authenticate against my KDC. I'd like to
have libvirt users use their kerberos credentials to login, but right
now it's not working. Kerberos authentication in general works. The
computer has a keytab installed and I can successfully obtain a ticket
through kinit, and libvirt has a principal configured for the host.

libvirt error:
authentication failed: Failed to start SASL negotiation: -4 (SASL(-4):
no mechanism available: No worthy mechs found)

/etc/sasl2/libvirt.conf:
mech_list: gssapi
keytab: /etc/libvirt/krb5.tab

/etc/conf.d/saslauthd:
SASLAUTHD_OPTS="-a kerberos5 ldap pam"

lsmod | grep gss:
rpcsec_gss_krb5        30147  0
auth_rpcgss            54612  1 rpcsec_gss_krb5
oid_registry           12419  1 auth_rpcgss
sunrpc                249148  6 nfs,rpcsec_gss_krb5,auth_rpcgss,lockd

packages:
extra/cyrus-sasl 2.1.26-7 [installed]
extra/cyrus-sasl-gssapi 2.1.26-7 [installed]
extra/cyrus-sasl-ldap 2.1.26-7 [installed]

Following the instructions here I tried to use SASL to search LDAP:
http://research.imb.uq.edu.au/~l.rathbone/ldap/gssapi.shtml

I end up with the same error they got (they didn't have
cyrus-sasl-gssapi installed, I do):
~$ ldapsearch -H ldap://freeipa -LLL -b 'dc=watchmysys,dc=com' '(givenname=hal)' cn
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

Any suggestions would be greatly appreciated.

Thanks,
Hal

