SASL + IMAP + GSSAPI failure (other gssapi stuff works)

Jeff Blaine jblaine at kickflop.net
Wed Feb 7 15:17:20 EST 2007


Hi Ken,

Doesn't work as native jblaine with kerberos creds either:

jblaine > id
uid=26560(jblaine) gid=10(staff)
jblaine > klist
Ticket cache: /tmp/krb5cc_26560_VKaqJX
Default principal: jblaine at JBTEST

Valid starting                       Expires 
Service principal
Wed Feb 07 15:07:51 2007  Thu Feb 08 15:07:51 2007  krbtgt/JBTEST at JBTEST
Wed Feb 07 15:07:51 2007  Thu Feb 08 15:07:51 2007  afs at JBTEST
jblaine > /export/home/bin/imtest -k 1 -u jblaine -a jblaine -v -m gssapi
WARNING: no hostname supplied, assuming localhost

S: * OK noodle.foo.com Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
LOGINDISABLED AUTH=GSSAPI SASL-IR
S: C01 OK Completed
Authentication failed. generic failure
Security strength factor: 0

(...and same error syslogged as before)

Ken Hornstein wrote:
>> Does anyone know where to go from here?  Please reply-all
>> (not just to the list), as I am subscribed in Digest mode.
> 
> It looks like it should be simple to solve.  The error you care about
> is at the end:
> 
>> [...]
>> # /export/home/bin/imtest -m GSSAPI -a jblaine -u jblaine -k 1 -v
>> WARNING: no hostname supplied, assuming localhost
>> [...]
>> Feb  7 14:48:54 noodle.foo.com imtest[25302]: [ID 702911 auth.notice] 
>> GSSAPI Error: Unspecified GSS failure.  Minor code may provide more 
>> information (No credentials cache found)
> 
> "No credential cache found" is the Kerberos error you're getting.  Perhaps
> you forgot to run kinit before you ran imtest?
> 
> --Ken


More information about the Cyrus-sasl mailing list