SASL + IMAP + GSSAPI failure (other gssapi stuff works)
Will Fiveash
William.Fiveash at sun.com
Wed Feb 7 18:37:39 EST 2007
On Wed, Feb 07, 2007 at 05:04:48PM -0500, Jeff Blaine wrote:
> [ Next 6 paragraphs added after writing the stuff further down ]
>
> I'm not sure when this changed, but the error is now the
> following. Perhaps when I started using a real 'jblaine'
> shell with k5 creds via Russ Alberry's pam_krb5.so
>
> Feb 7 16:50:38 noodle.foo.com imtest[25918]: GSSAPI Error:
> Unspecified GSS failure. Minor code may provide more information
> (Server not found in Kerberos database)
>
> As an aside, you know, the whole SEAM stuff really kind of pisses
> me off. It just completely gets in my way.
How does it get in your way? For open source that I've compiled that
requires the MIT krb lib API, I've compiled the MIT krb distribution and
installed it in /usr/local and other open source distributions find what
they need there without any conflict with Solaris krb libs or config
files. Of course when I use the MIT krb I make sure my PATH is set so I
pick up the MIT krb commands and not the native Solaris versions. I do
see that there could be cred cache issues but it seems like one should
either use just MIT or Solaris for krb and not mix use of the two on the
same system.
> If they're not going to provide Kerberos API files so I can build
> OpenAFS against it, it's garbage to me. I've checked the latest
> official Solaris 10 release via Sun Download and the stuff STILL isn't
> there.
Solaris support for the Kerberos API (similar to that in MIT) is coming
but our dev. process does take some time (testing, docs, packaging,
etc...). There will be a S10 update with that support.
Also note that there is support in Solaris 10 for libsasl and the gssapi
plugin for both client and server use. Search for SASL in the Solaris
10 docs section on docs.sun.com.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the Cyrus-sasl
mailing list