[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sendmail GSSAPI fails

To: heimdal-discuss@sics.se
Subject: Sendmail GSSAPI fails
From: "Loren M. Lang" <lorenl@alzatex.com>
Date: Sun, 3 Oct 2004 13:33:04 -0700
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.4.1i

I have been trying to get the GSSAPI AUTH method of sendmail to work.  I
have tried using both Pine and a hacked version of msmtp to authenticate
to sendmail with no success.  Currently I have CVS, OpenLDAP, rlogin,
and Cyrus IMAP working correctly with kerberos.  Sendmail advertises
GSSAPI as an available AUTH method and both clients send the AUTH
request and the krb5 auth token, but sendmail always returns auth
failure.  klist show that I aquired the neccessary token for
smtp/host.domain and I made sure that the principal was added to
/etc/krb5.keytab and is readable by sendmail.  The failure seems to be
when the sasl library calls gss_accept_sec_context().  The major status
is 589824 which means GSS_S_DEFECTIVE_TOKEN and the minor status is 0.
I have also seen it fail with the same major status and a minor status of
2249944332.  I am at a lose to figure out what the problem is.

I am using cyrus-sasl-1.5.28, heimdal-0.6.3, a customized redhat
sendmail-8.12.8-9.90.

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C

PGP signature

Prev by Date: MIT & Heimdal playing together?
Next by Date: Re: heimdal pkinit compiling on debian
Prev by thread: Re: MIT & Heimdal playing together?
Next by thread: asn1 decode problem
Index(es):
- Date
- Thread