Kacper:
> Hello,
>
> I've been trying to setup GSSAPI in postfix via cyrus-sasl. The service
> principal is configured and so is sasl2/smtpd.conf. All I get from the
> postfix log file is that the GSSAPI auth failed and that the minor error
> code was Success.
Indeed. Postfix does not implement GSSAPI. Cyrus SASL does. Therefore,
only Cyrus Sasl knows what is going on.
> Success as an error code doesn't leave much to go on. log_level: 7 did
> nothing to produce more verbose output.
It's a bit like logging into a system where you have no account.
The password check fails successfully.
> How do I debug this? Is there a configuration flag to bring out trace
> information? Perhaps postfix can be recompiled with some kind of SASL debug
> flag? I guess the last option would be to use gdb (already tried strace)
> but then I would need to know what to look for.
There is no code in Postfix to look inside the guts of Cyrus SASL.
You'd have to use some debugger like gdb for that (as described in
Postfix DEBUG_README).
However it may be possible to configure additional callbacks in
the Postfix xsasl_cyrus_server.c file:
176 /*
177 * SASL callback interface structure. These call-backs have no per-session
178 * context.
179 */
180 #define NO_CALLBACK_CONTEXT 0
181
182 static sasl_callback_t callbacks[] = {
183 {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, NO_CALLBACK_CONTEXT},
184 {SASL_CB_LIST_END, 0, 0}
185 };
Perhaps there is anything in there that would shed a light on the
problem.
Wietse
