Kerberos and cached credentials with clients that only support LOGIN

Roland Pope rpope at jadeworld.com
Thu Mar 6 17:26:43 EST 2003


Hi,

I am running cyrus-imapd 2.1.12 on a RedHat 7.3 box and have been using
pam_smb via saslauthd to authenticate my Outlook clients. Now that our DCs
are running Win2k, I would like to use Kerberos under AD to do my auth.
I can get things working by changing the pam_smb_auth library in
/etc/pam.d/imap to pam_krb5.so, which is good. The question I have is: is
there a way of caching credentials? The pam_krb5.so library appears to
support cached credentials, and when I log in using SSH and pam_krb5, a
cached credentials file is created in /tmp. But when I log in to IMAP via
saslauthd->pam->kerberos, no file is created. The end result of this is that
I get a Kerberos TGT with every login. Is there any way around this that
people are aware of?
I'm just trying to reduce the auth load on my DCs.

Thanks
Roland





More information about the Info-cyrus mailing list