In a recent system upgrade, I experienced a weekend full of head-pounding hours trying to figure out why saslauthd was failing. It turned out to be a silly problem with non-fully qualified domain names in the /etc/hosts file, but it took forever to figure this out. Based on some Google searches, I'm not the only one to have run into this issue.

I added a debugging code snippet to auth_krb5.c that provided the critical insight into what was going on, which just logs what saslauthd has decided as the service principal it should use. I think it may be worth incorporating into the trunk.

diff -u -r1.1 auth_krb5.c
--- /tmp/T0..aWpw       Tue Mar 31 11:18:05 2009
+++ auth_krb5.c Sat Mar 14 13:14:51 2009
@@ -266,6 +266,7 @@
    krb5_keytab kt = NULL;
    char thishost[BUFSIZ];
    int result = 0;
+    char *princ_name;

    memset(&packet, 0, sizeof(packet));

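Review bot: the added `char *princ_name;` declaration leaves the pointer uninitialized, and the second hunk passes it to syslog() and free() whether or not krb5_unparse_name() filled it in. Declaring it as `char *princ_name = NULL;` keeps the later free() well defined on the failure path.
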
@@ -274,6 +275,11 @@
       return 0;
    }

+    k5_retcode = krb5_unparse_name(context, server, &princ_name);
+    syslog(LOG_DEBUG,"k5support_verify_tgt: Principal name set to %s",
+                     princ_name);
+    free(princ_name);
+
    if (keytabname) {
       if (krb5_kt_resolve(context, keytabname, &kt)) {
           goto fini;
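
Review bot: the result of krb5_unparse_name() in the added block is stored in k5_retcode but never tested, so on failure princ_name reaches the %s in syslog() and then free() without having been set. Log and release the string only when the call returns 0, and release it with krb5_free_unparsed_name(context, princ_name) rather than free(), so the buffer goes back through the Kerberos library that allocated it.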

Michael Bacon
ITS Messaging
UNC Chapel Hill
