Help needed with Cyrus, Sasl, Kerberos5
dwhite at olp.net
Thu Aug 14 09:32:11 EDT 2008
Michael Guyver wrote:
> 2008/8/13 Dan White <dwhite at olp.net>:
>> Typically you would not specify a user (-a) in your GSSAPI connection.
>> Specifying a -u is asking the server to do proxy authorization, requiring
>> the identity in the ticket to exist in proxy_admins I believe, unless you're
>> providing the same identity in your -u as exists in your ticket.
> Ah, I see. I didn't realise it was trying to do proxy-authentication,
> I thought that different -u and -a values would produce that effect.
> I'll have another go trying it without either -u or -a. Any chance you
> could elaborate on your "proxy_admins" comment, though?
I should have said 'proxyservers', which is a configuration item within
imapd.conf. It allows you to configure users who are allowed to proxy
auth (-u) as any other identity.
More information about the Cyrus-sasl