cyrus and gssapi

Jukka Salmi j+asg at 2004.salmi.ch
Fri Aug 13 04:59:43 EDT 2004


Stephen --> info-cyrus (2004-08-13 10:09:32 +1200):
> I'm wondering if sasl_pwcheck_method in /etc/imapd.conf should be 
> changed if one requires gssapi authentication. I tried setting it to 
> "gssapi" but it didn't help. What should be value be?

Quoting imapd.conf(5):

	sasl_pwcheck_method: <none>
	     The  mechanism used by the server to verify plaintext
	     passwords.   Possible   values   include   "auxprop",
	     "saslauthd", and "pwcheck".

So you don't need to set sasl_pwcheck_method at all if you're going
to use GSSAPI authentication exclusively. However, if you need to
do plaintext authentication you should run saslauthd (-a kerberos5)
and set sasl_pwcheck_method to saslauthd.


> silver root # imtest -a cyrus -m login -p imap2 localhost

You can use "imtest -m gssapi ..." to test GSSAPI authentication.


HTH, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list