Re: GSSAPI against Microsoft AD


 




Morten Sylvest Olsen wrote:

This documentation http://svn.collab.net/repos/svn/trunk/notes/sasl.txt talks about a 56-byte limitation, and I wonder if this is the problem I am hitting here.

I don't think so.

Thanks, this was my biggest concern, and Dieter's message confirms that this should not be an issue.

saslauthd should not be needed when using Kerberos/GSSAPI authentication.

Makes sense, I wanted to confirm though.

0) Check that your server ticket works

kinit -k host/<hostname>@REALM

Yes, I get what I expect (when compared with my working cvs and mod_auth_kerb setup) there.



1) Check that your AD server can be resolved both forward and backwards. Per default MS does not create reverse DNS entries, for reasons unknown. This usually trips Kerberos.

Thanks, ran into that years ago, but forgot to verify this time.


2) Prefer to use a krb5.conf with

 dns_lookup_realm = true
 dns_lookup_kdc = true

That should work, but you could try adding explicit entries for your realm like:

[domain_realm]
.fiskhest.com = FISKHEST.COM
fiskhest.com = FISKHEST.COM

Good luck!

Thanks.

--
Yves.
http://www.SollerS.ca
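
Checks 1 and 2 from the message above, as an added example that is not part of the original thread: it verifies that a name round-trips through forward and reverse DNS, and resolves a host to its realm from the [domain_realm] entries quoted above. The function names and the host dc1.fiskhest.com are hypothetical, and the realm lookup is a simplified model of the krb5.conf rule (exact host name first, then dot-prefixed domain entries).

```python
import socket

# Constructed sample built from the krb5.conf lines quoted in the message.
SAMPLE_KRB5_CONF = """\
[libdefaults]
 dns_lookup_realm = true
 dns_lookup_kdc = true

[domain_realm]
.fiskhest.com = FISKHEST.COM
fiskhest.com = FISKHEST.COM
"""

def parse_domain_realm(conf_text):
    """Return the [domain_realm] section of a krb5.conf as a dict."""
    mapping, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def realm_for_host(hostname, mapping):
    """Exact host entry wins; otherwise the most specific '.domain' entry."""
    host = hostname.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return None

def check_forward_reverse(hostname, forward=socket.gethostbyname,
                          reverse=socket.gethostbyaddr):
    """Return (ok, detail): does hostname -> address -> PTR name round-trip?"""
    try:
        addr = forward(hostname)
        ptr_name = reverse(addr)[0]
    except OSError as exc:                   # covers gaierror and herror
        return False, f"lookup failed for {hostname}: {exc}"
    if ptr_name.lower().rstrip(".") != hostname.lower().rstrip("."):
        return False, f"{hostname} -> {addr} -> {ptr_name} (mismatch)"
    return True, f"{hostname} <-> {addr}"
```

Called with only a host name, check_forward_reverse uses the system resolver; the forward and reverse parameters exist so the check can be exercised without a network.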

