Hello All I have installed cyrus-SASL libraries to do GSSAPI-based authentication when interacting with Postfix. I have also installed and tested Kerberos. I can successfully test GSSAPI authentication using samples provided by SASL (sample-server and sample-client). I have created a service principal for Postfix as smtp/client2.domain....@domain.net <http://domain.net/> and I have put the corresponding keytab file in /etc/krb5.keytab. Also, I have set the KRB5_KTNAME environment variable to point to the keytab file. Using kadmin.local and ktadd -k, I import smtp's keytab and I can verify it by issuing klist -k. Under /etc/postfix/sasl, I have created smtp.conf with the following contents: keytab: /etc/smtp.keytab mech_list: gssapi Before testing Postfix, I use kinit to authenticate the user who wants to authenticate to Postfix. Then, I use telnet to test GSSAPI authentication: # telnet client2.domain.net 25 ... ehlo example.com auth gssapi base 64 encoded userid When I monitor the logs, I see the following failure messages: warning: SASL authentication failure: GSSAPI Error: Invalid token was supplied (No error) What does the above line mean? Where do I go wrong in the process?
Kind Regards Ali Majdzadeh Kohbanani
