saslauthd[29808]: auth_krb5: k5support_verify_tgt
saslauthd[29808]: do_auth : auth failure: [user=kvo] [service=ldap] [realm=LOCALREALM] [mech=kerberos5] [reason=saslauthd internal error]
a search for the error only mentioned adding the host principle to the keytab file, which I had done, but I was still getting the error.
It seems saslauthd on ubuntu requires that KRB5_KTNAME is set... even though /etc/krb5.keytab is the default, it still needs the environment variable to be present. (explicitly setting the default keytab in /etc/krb5.conf didnt help either).
So the solution to the problem is to add:
export KRB5_KTNAME=/etc/krb5.conf
to the /etc/default/saslauthd file.
2 comments:
that should be:
export KRB5_KTNAME=/etc/krb5.keytab and not /etc/krb5.conf
Good catch! That was indeed a typo.
Post a Comment