Solved: Cyrus Imapd with SASL, authenticate against AD Windows 2003 with Kerberos5
Henry B. Hotz
hotz at jpl.nasa.gov
Fri Aug 7 13:48:55 EDT 2009
If you have a functional keytab, then you don't need to disable the AP-
REQ verification with that special line in the krb5.conf that someone
posted. In fact you *should*not* disable it.
On Aug 5, 2009, at 9:43 PM, Martin Schweizer wrote:
> Hello Henry
>
>
> 2009/8/6 Henry B. Hotz <hotz at jpl.nasa.gov>:
>> Or get a host principal keytab for the machine (the preferred
>> solution).
>
> What do you mean with this? As I posted the Kerberos5 authentication
> works as expected. This means for me /etc/krb5.keytab is correct (it's
> exported from one of our domain controllers, as recommended from
> Microsoft).
>
> Regards,
> --
> Martin Schweizer
> schweizer.martin at gmail.com
> Tel.: +41 32 512 48 54 (VoIP)
> Fax: +1 619 3300587
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Cyrus-sasl
mailing list