Solved: Cyrus Imapd with SASL, authenticate against AD Windows 2003 with Kerberos5

Henry B. Hotz hotz at
Fri Aug 7 13:48:55 EDT 2009

If you have a functional keytab, then you don't need to disable the AP- 
REQ verification with that special line in the krb5.conf that someone  
posted.  In fact you *should*not* disable it.

On Aug 5, 2009, at 9:43 PM, Martin Schweizer wrote:

> Hello Henry
> 2009/8/6 Henry B. Hotz <hotz at>:
>> Or get a host principal keytab for the machine (the preferred  
>> solution).
> What do you mean with this? As I posted the Kerberos5 authentication
> works as expected. This means for me /etc/krb5.keytab is correct (it's
> exported from one of our domain controllers, as recommended from
> Microsoft).
> Regards,
> -- 
> Martin Schweizer
> schweizer.martin at
> Tel.: +41 32 512 48 54 (VoIP)
> Fax: +1 619 3300587

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the Cyrus-sasl mailing list