[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: krb5_verify_user_opt failed

To: heimdal-discuss@sics.se
Subject: Re: krb5_verify_user_opt failed
From: German Shorthair <germanshorthairpointer@gmail.com>
Date: Fri, 16 Sep 2005 11:36:40 -0400
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UF9WM8uOZAKuymJLiSx9gQzsiqmALJ+sPIGwz/P7n3HbDJ40AMOf9udii3tKBvZTwHQGd8ml6OQyM6s9Dh7p4jV+csuRN8gufmTYu91/cG1vIP6CLsafKXINp99My8SWBvcUfORuYtrtgCOVF3Fm2ymeIOY5tQg8FW2XSxeAkzI=
In-Reply-To: <857b8f56050915141975c9ae54@mail.gmail.com>
References: <857b8f5605091419283d34f937@mail.gmail.com> <20050915164400.GA1476@dsl092-173-085.wdc2.dsl.speakeasy.net> <857b8f56050915141975c9ae54@mail.gmail.com>
Reply-To: germanshorthairpointer@gmail.com
Sender: owner-heimdal-discuss@sics.se

I removed my old keytab and srvtab.  Removed the kerberos databases in
/var/heimdal and rebuilt my realm, keytab, and srvtab.  Everything
works fine now.

On 9/15/05, German Shorthair <germanshorthairpointer@gmail.com> wrote:
> I added the imap service and even ran testsaslauthd with host and ldap
> as the service.  Here's the result:
> 
> Sep 15 17:07:55 ldap-1 saslauthd[30446]: do_auth         : auth
> failure: [user=jdoe] [service=host] [realm=someschool.edu]
> [mech=kerberos5] [reason=krb5_verify_user_opt failed]
> Sep 15 17:08:01 ldap-1 saslauthd[30448]: do_auth         : auth
> failure: [user=jdoe] [service=imap] [realm=someschool.edu]
> [mech=kerberos5] [reason=krb5_verify_user_opt failed]
> Sep 15 17:08:04 ldap-1 saslauthd[30450]: do_auth         : auth
> failure: [user=jdoe] [service=ldap] [realm=someschool.edu
> [mech=kerberos5] [reason=krb5_verify_user_opt failed]
> 
> 
> On 9/15/05, Buck Huppmann <buckh@pobox.com> wrote:
> > On Wed, Sep 14, 2005 at 10:28:13PM -0400, German Shorthair wrote:
> >
> > > Sep  1 18:19:43 ldap-1 saslauthd[8633]: do_auth         : auth
> > > failure: [user=jdoe] [service=imap] [realm=someschool.edu]
> >                         ^^^^^^^^^^^^
> >                         do you need a key for this in your keytab
> >                         (and in your realm database), maybe?
> >
> > --buck
> >
> > > [root@ldap-1 saslauthd]# /usr/heimdal/sbin/ktutil list
> > > FILE:/etc/krb5.keytab:
> > >
> > > Vno  Type                     Principal
> > >  1  des-cbc-md5              ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des-cbc-md4              ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des-cbc-crc              ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  aes256-cts-hmac-sha1-96  ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des3-cbc-sha1            ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  arcfour-hmac-md5         ldap/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des-cbc-md5              host/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des-cbc-md4              host/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des-cbc-crc              host/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  aes256-cts-hmac-sha1-96  host/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  des3-cbc-sha1            host/ldap-1.someschool.edu@SOMESCHOOL.EDU
> > >  1  arcfour-hmac-md5         host/ldap-1.someschool.edu@SOMESCHOOL.EDU
> >
>

References:
- krb5_verify_user_opt failed
  - From: German Shorthair <germanshorthairpointer@gmail.com>
- Re: krb5_verify_user_opt failed
  - From: Buck Huppmann <buckh@pobox.com>
- Re: krb5_verify_user_opt failed
  - From: German Shorthair <germanshorthairpointer@gmail.com>

Prev by Date: Re: pkinit and krb5.conf [appdefaults] section
Next by Date: Re: heimdal-0.7.1rc2
Prev by thread: Re: krb5_verify_user_opt failed
Next by thread: /var/heimdal/log
Index(es):
- Date
- Thread