[30910] in Kerberos


RE: SASL authentication

daemon@ATHENA.MIT.EDU (Xu, Qiang (FXSGSC))
Mon Mar 23 05:33:12 2009

From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
To: Michael Ströder <michael@stroeder.com>,
   "kerberos@mit.edu" <kerberos@mit.edu>
Date: Mon, 23 Mar 2009 17:31:49 +0800
Message-ID: <D8C9BC7FFCF8154FB7141EB8DB609C172905443BEA@SGPAPHQ-EXSCC01.dc01.fujixerox.net>
In-Reply-To: <9vmd96-1dp.ln1@nb2.stroeder.com>
Content-Language: en-US
MIME-Version: 1.0
X-MAIL-FROM: <qiang.xu@fujixerox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

> -----Original Message-----
> From: kerberos-bounces@mit.edu 
> [mailto:kerberos-bounces@mit.edu] On Behalf Of Michael Ströder
> Sent: Saturday, March 21, 2009 7:55 AM
> To: kerberos@mit.edu
> Subject: Re: SASL authentication
> 
> You create a user with a sAMAccountName and a 
> userPrincipalName (LDAP attribute names) and then use this 
> userPrincipalName as parameter for kinit. LDAP-bind with 
> SASL/GSSAPI will automagically obtain a service ticket. See 
> my local test with OpenLDAP command-line tool below (all 
> names manually obfuscated).
> 
> If something fails check your DNS and /etc/krb5.conf 
> especially regarding enc types.

Yes, now I am also suspecting something is wrong with DNS settings. But I don't know how to check them. Could you give me some examples?

The following is the content of my /etc/krb5.conf:
=======================================
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = durian.fujixerox.com
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 SESSWIN2003.COM = {
  kdc = 13.198.98.35:88
  default_domain = sesswin2003.com
 }

 durian.fujixerox.com = {
  kdc = kerberos.durian.fujixerox.com:88
  admin_server = kerberos.durian.fujixerox.com:749
 }


[domain_realm]
 .sesswin2003.com = SESSWIN2003.COM
 sesswin2003.com = SESSWIN2003.COM

 durian.fujixerox.com = durian.fujixerox.com
 .durian.fujixerox.com = durian.fujixerox.com
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
=======================================
In this configuration file, "durian" is the hostname of the client machine. Is there anything wrong with it?

Thanks,
Xu Qiang
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
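
One way to check a client krb5.conf such as the one posted above, as an added example that is not part of the original message or of any Kerberos distribution: it confirms that default_realm has a [realms] stanza, flags realm names that are not upper case (realm names are case-sensitive and upper case by convention), and tests that each kdc host resolves, which is the DNS dependency that remains when dns_lookup_kdc is false. The names parse_krb5, lint and resolve are hypothetical, and SAMPLE is a trimmed copy of the posted file.

```python
import socket

# Trimmed copy of the krb5.conf posted in the message above.
SAMPLE = """\
[libdefaults]
 default_realm = durian.fujixerox.com
[realms]
 SESSWIN2003.COM = {
  kdc = 13.198.98.35:88
 }
 durian.fujixerox.com = {
  kdc = kerberos.durian.fujixerox.com:88
 }
"""

def parse_krb5(text):
    """Parse [sections] and one level of { } nesting; every value is a list."""
    conf, section, sub = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section, sub = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            sub = None
        elif "=" in line and section is not None and line[0] not in "#;":
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                sub = section.setdefault(key, {})
            else:
                (sub if sub is not None else section).setdefault(key, []).append(val)
    return conf

def lint(text, resolve=socket.gethostbyname):
    """Return a list of findings; `resolve` is injectable so it can run offline."""
    conf = parse_krb5(text)
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm", [""])[0]
    findings = []
    if default not in realms:
        findings.append(f"default_realm {default} has no [realms] stanza")
    for name, body in realms.items():
        if name != name.upper():
            findings.append(f"realm {name} is not upper case")
        for kdc in body.get("kdc", []):
            host = kdc.rsplit(":", 1)[0]  # drop the port (IPv4 or host name)
            try:
                resolve(host)  # gethostbyname returns IPv4 literals unchanged
            except OSError:
                findings.append(f"kdc {host} for {name} does not resolve")
    return findings
```

On the client, `lint(open("/etc/krb5.conf").read())` uses the system resolver; an empty list means none of these three checks fired, not that the realm itself is correct.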