On 2/26/2011 10:13 PM, Daniel Norton wrote:
Briefly, this works fine: $ kadmin -p username -w password But this fails: $ testsaslauthd -u username -p password 0: NO "authentication failed" I found the problem, and had actually seen the solution in this list’s archives: http://www.irbs.net/internet/cyrus-sasl/0603/0028.html My ultimate problem was that I was thinking that the domain name for my server principal name could be whatever I chose, and I chose host/example.com@REALM, but the principal name must actually be host/subdomain.example.com@REALM (where "subdomain.example.com" is whatever is returned from gethostname()). It’s obvious, now that I know the solution! While stepping through the libkrb code I saw quite a number of other conditions that result in the catch-all “internal error” description (many of which could only be divined by stepping through the code), but that’s an age-old problem that’s obviously not going to get fixed anytime soon. -- Daniel |
