[Freeipa-users] SASL GSSAPI behavior change in RHEL 7
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Wed Jan 14 08:39:35 UTC 2015
This is not exactly the right place to post this message, but I reckon it is
close enough.
A year or so ago, I wrote up a guide for configuring a Postfix client to use
Kerb/GSSAPI to authenticate against a Postfix server acting as a relay. The
guide is here: https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/
and it is linked somewhere on the FreeIPA pages. It was written for RHEL 6.x
Everything worked fine and I forgot everything I ever learned to write the
guide :).
With the release of RHEL 7 I am again going back through the process of
validating that things work as I believe they should etc. Trying to configure
up this same setup with RHEL 7 is however, proving to be problematic. The
configuration directives have not changed and everything should in theory work,
however it simply doesn't.
My basic layout is as follows, RHEL 7 Postfix client attempting to relay
through a RHEL 6 Postfix server using Kerberos.
SASL appears to be bailing when attempting to use GSSAPI for auth with the
Postfix server. The specific error is:
warning: SASL authentication failure: GSSAPI Error: A required input
parameter could not be read (Unknown error)
Which means all of nothing to me. However, I found the following bug in Cyrus'
bugzilla: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480
Essentially mentioning the same thing, and mentioning that this error is
cropping up in a few places (autofs is mentioned). The specific commit they
reference is here: http://git.cyrusimap.org/cyrus-sasl/commit/?id=080e51c7fa0421eb2f0210d34cf0ac48a228b1e9
I don't know whether this is an incompatibility, I don't know whether running
against a RHEL 7 Postfix server will help in any way. I actually don't know
much of anything about this, and hence wanted to ask for thoughts from folks
who may be more in the know than I am.
Any ideas what this is all about? Any thoughts about possible solutions?
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150114/03e34313/attachment.sig>
More information about the Freeipa-users
mailing list