SASL + IMAP + GSSAPI failure (other gssapi stuff works)
Jeff Blaine
jblaine at kickflop.net
Wed Feb 7 14:59:14 EST 2007
Does anyone know where to go from here? Please reply-all
(not just to the list), as I am subscribed in Digest mode.
Preliminary notes:
1. CVS 'gserver' authentication as 'jblaine' via GSS-API works
fine (MIT Kerberos 5).
2. Cyrus SASL 2.1.22, Cyrus IMAP 2.2.12
=====imapd.conf==========================================================
configdirectory: /var/imap
defaultpartition: default
partition-default: /var/spool/imap
imap_admins: root cyrus
sieveusehomedir: false
autocreatequota: 200000
duplicate_db: skiplist
allowplaintext: false
force_sasl_mech: gssapi
sasl_log_level: 4
sasl_minimum_layer: 1
======imtest============================================================
# /export/home/bin/imtest -m GSSAPI -a jblaine -u jblaine -k 1 -v
WARNING: no hostname supplied, assuming localhost
S: * OK noodle.foo.com Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
LOGINDISABLED AUTH=GSSAPI SASL-IR
S: C01 OK Completed
Authentication failed. generic failure
Security strength factor: 0
...
Feb 7 14:48:54 noodle.foo.com imtest[25302]: [ID 702911 auth.notice]
GSSAPI Error: Unspecified GSS failure. Minor code may provide more
information (No credentials cache found)
========================================================================
More information about the Cyrus-sasl
mailing list