On 01/27/12 10:43 -0800, Chastity Blackwell wrote:
Huh...well, what do you know, that works. Why is that though? I thought you had to specify a realm for it to work?
Whether or not you use a realm is up to you. If you have multiple Kerberos realms, then you're going to need to specify one.
However, the reason this works is that:
[chas@ldapsandbox ~]$ /usr/sbin/testsaslauthd -u chas -p test -s ldap
0: OK "Success."
is simply passing a username to saslauthd, with no realm or domain. The Kerberos backend, via your Kerberos libraries, is using the default realm to authenticate you.
To further troubleshoot why '{SASL}user@realm' does not work, you should first verify that it works with testsaslauthd (-u chas@REALM), and if it doesn't, bring the problem over to the cyrus-sasl@lists.andrew.cmu.edu list.