cyrus and gssapi
j+asg at 2004.salmi.ch
Sat Aug 14 11:57:55 EDT 2004
(This discussion should be continued on the SASL list IMHO.)
Stephen --> info-cyrus (2004-08-15 02:32:00 +1200):
> Also, I tried exporting the keytab to a file /etc/krb5-cyrus.keytab, and
> added the line below to /etc/imapd.conf, but the imap server wouldn't
> respond to a keytab in /etc/krb5-cyrus.keytab (it did have cyrus
> ownership). I had to comment out the line and put the keytab in the
> standard place for the gentoo setup, /etc/krb5.keytab.
> ----> line below added to /etc/imapd.conf but didn't work for me.
> sasl_keytab: /etc/krb5-cyrus.keytab
> Jukka: How have you implemented sasl_keytab??
As you did: added the principals to /etc/pkg/krb5.keytabs/cyrus, and
set 'sasl_keytab: /usr/pkg/etc/krb5.keytabs/cyrus' in imapd.conf. BTW,
I'm using SASL 2.1.18, IMAPd 2.2.6 and Heimdal 0.6.1 (each installed
from pkgsrc on a NetBSD 1.6.2 system).
However, I'm not sure what's the right way to do it. The SASL documentation
seems to be contradictory: first of all, "keytab" is listed as an option
for the GSSAPI mechanism. But on sysadmin.html it states
"Currently, the keytab file location is not configurable and
defaults to the system default (probably /etc/krb5.keytab)."
On gssapi.html it tells about environment variables used by the
kerberos libraries to determine the keytab file, i.e. KRB5_KTNAME for
Heimdal (which I can confirm to be correct).
AFAICT the statement on sysadmin.html is not correct.
$ ((RANDOM%6)) || rm -rf ~
More information about the Info-cyrus