In regard to: Pass-though Authentication with Saslauthd and Kerberos, Jeff...:
I'm attempting to get pass-through auth to work against saslauthd and kerberos
I have this exact configuration working, thanks in great measure to people on this list and a lot of tinkering.
I note a few differences between your config and mine; I'm not certain which, if any, of the differences are important, but I'll point them out.
Centos 6
openldap-2.4.23-15.el6_1.3.x86_64
openldap-clients-2.4.23-15.el6_1.3.x86_64
openldap-servers-2.4.23-15.el6_1.3.x86_64
openldap-devel-2.4.23-15.el6_1.3.x86_64
krb5-server-1.9-9.el6_1.2.x86_64
krb5-server-ldap-1.9-9.el6_1.2.x86_64
krb5-workstation-1.9-9.el6_1.2.x86_64
krb5-libs-1.9-9.el6_1.2.x86_64
cyrus-sasl-2.1.23-8.el6.x86_64
cyrus-sasl-lib-2.1.23-8.el6.x86_64
cyrus-sasl-gssapi-2.1.23-8.el6.x86_64
cyrus-sasl-plain-2.1.23-8.el6.x86_64
cyrus-sasl-devel-2.1.23-8.el6.x86_64
I'm using locally-built openldap RPMs on RHEL 5, and have openldap 2.4.25 installed currently.
/etc/sasl2/slapd.conf:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
I have two differences in my /etc/sasl2/slapd.conf from yours.
1) my mech_list is
mech_list: kerberos5 external
2) I specify
sasl-host: my-ldap-server-fqdn-here
/etc/sysconfig/saslauthd
KRB5_KTNAME=/etc/krb5.keytab
SOCKETDIR=/var/run/saslauthd
MECH=kerberos5
Mine is similar, though I'm not specifying the krb5.keytab file for saslauthd.
For as useful as SASL is, it takes a while to come up to speed on how to configure it. I wish it was as well documented as openldap is.
Tim