See also kern/76678 See the history of pam_krb5.c http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_krb5/pam_krb5.c Since I upgraded from 7.2 to 8.1 it is no more possible to use saslauthd -a pam against a Kerberos system (like Active Directory). I assume since the update was made regarding no_user_check. Before this changes all was working without any problems. /var/log/auth shows: Feb 11 15:27:40 acsvfbsd04 saslauthd[2742]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): Key table entry not found Feb 11 15:27:40 acsvfbsd04 saslauthd[2742]: DEBUG: auth_pam: pam_acct_mgmt failed: unknown user Feb 11 15:27:40 acsvfbsd04 saslauthd[2742]: do_auth : auth failure: [user=username] [service=imap] [realm=] [mech=pam] [reason=PAM acct error] The entry "unknown user" point me to the idea that PAM checks against the local user base again. After I add the user username to the local user base (adduser username), the authentication works as expected. Since Kerberos5 in the base system is broken (see http://www.freebsd.org/cgi/query-pr.cgi?pr=151444) there is no more option to authenticate against Active Directory. How-To-Repeat: I used imtest from ports/cyrus-imapd24: imtest -u username localhost
Responsible Changed From-To: freebsd-bugs->des Reclassify and assign.
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped