cyrus and gssapi

Jukka Salmi j+asg at
Fri Aug 13 04:59:43 EDT 2004

Stephen --> info-cyrus (2004-08-13 10:09:32 +1200):
> I'm wondering if sasl_pwcheck_method in /etc/imapd.conf should be 
> changed if one requires gssapi authentication. I tried setting it to 
> "gssapi" but it didn't help. What should be value be?

Quoting imapd.conf(5):

	sasl_pwcheck_method: <none>
	     The  mechanism used by the server to verify plaintext
	     passwords.   Possible   values   include   "auxprop",
	     "saslauthd", and "pwcheck".

So you don't need to set sasl_pwcheck_method at all if you're going
to use GSSAPI authentication exclusively. However, if you need to
do plaintext authentication you should run saslauthd (-a kerberos5)
and set sasl_pwcheck_method to saslauthd.

> silver root # imtest -a cyrus -m login -p imap2 localhost

You can use "imtest -m gssapi ..." to test GSSAPI authentication.

HTH, Jukka

bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list