SASL + IMAP + GSSAPI failure (other gssapi stuff works)
Jeff Blaine
jblaine at kickflop.net
Wed Feb 7 15:17:20 EST 2007
Hi Ken,
Doesn't work as native jblaine with kerberos creds either:
jblaine > id
uid=26560(jblaine) gid=10(staff)
jblaine > klist
Ticket cache: /tmp/krb5cc_26560_VKaqJX
Default principal: jblaine at JBTEST
Valid starting Expires
Service principal
Wed Feb 07 15:07:51 2007 Thu Feb 08 15:07:51 2007 krbtgt/JBTEST at JBTEST
Wed Feb 07 15:07:51 2007 Thu Feb 08 15:07:51 2007 afs at JBTEST
jblaine > /export/home/bin/imtest -k 1 -u jblaine -a jblaine -v -m gssapi
WARNING: no hostname supplied, assuming localhost
S: * OK noodle.foo.com Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
LOGINDISABLED AUTH=GSSAPI SASL-IR
S: C01 OK Completed
Authentication failed. generic failure
Security strength factor: 0
(...and same error syslogged as before)
Ken Hornstein wrote:
>> Does anyone know where to go from here? Please reply-all
>> (not just to the list), as I am subscribed in Digest mode.
>
> It looks like it should be simple to solve. The error you care about
> is at the end:
>
>> [...]
>> # /export/home/bin/imtest -m GSSAPI -a jblaine -u jblaine -k 1 -v
>> WARNING: no hostname supplied, assuming localhost
>> [...]
>> Feb 7 14:48:54 noodle.foo.com imtest[25302]: [ID 702911 auth.notice]
>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>> information (No credentials cache found)
>
> "No credential cache found" is the Kerberos error you're getting. Perhaps
> you forgot to run kinit before you ran imtest?
>
> --Ken
More information about the Cyrus-sasl
mailing list