Problem with cyradm and krb5 */admin principals
Ben Poliakoff
benp at reed.edu
Wed Mar 26 14:47:34 EST 2003
We make use of SASL/GSSAPI authentication with our cyrus installation.
The man page for imapd.conf says that the "admins:" field may contain a
kerberos admin principal, enabling that admin principal to, well
administer the cyrus installation.
I can't get that to work with cyradm. I've tried repeatedly over the
last two years.
If I add "benp/admin" to the "admins:" line in imapd.conf and then try
to connect to the imap server (while having a tgt for benp/admin),
cyradm fails with this error:
cyradm: cannot authenticate to server with as benp
And imapd logs this:
Mar 26 11:36:02 xxxxx imapd[14556]: bad userid authenticated
Mar 26 11:36:02 xxxxx imapd[14556]: badlogin: xxxxx.reed.edu[xxx.xxx.xxx.xxx] GSSAPI [SASL(-13): authentication failure: bad userid authenticated]
My lame solution has been to use a dedicated "regular" (no / in the
name) principal. But if possible it sure would be great to be able to
reuse our */admin principals.
I'm currently using cyrus-imapd-2.1.12.
I've wondered if this is a problem with / characters and have tried a
lot of \ escaping and single tick quoting, to no avail.
What am I missing?
Anyone out there using */admin principals with cyradm?
Ben
--
---------------------------------------------------------------------------
Ben Poliakoff email: <benp at reed.edu>
Reed College tel: (503)-788-6674
Unix System Administrator PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
More information about the Info-cyrus
mailing list