cyrus and gssapi

Jukka Salmi j+asg at
Thu Aug 12 11:10:22 EDT 2004

Andreas --> info-cyrus (2004-08-12 10:11:26 -0300):
> On Thu, Aug 12, 2004 at 01:10:05PM +1200, Stephen wrote:
> >   3. The missing piece is how to link cyrus-imap and GSSAPI. Kerberos
> >      is operational and I have tried
> >      "addprinc -randkey host/kerberos.ourdomain" and then "ktadd
> >      host/kerberos.ourdomain", but still can't authenticate.
> You need a principal in the form of "imap/fqdn-of-imap-server". Then add
> it to the default keytab (/etc/krb5.keytab) and make sure the cyrus-master
> daemon can read it.

I'd recommend to store it (together with pop/fqdn, sieve/fqdn, etc.) to
a separate file which is readable only by cyrus, and set the sasl_keytab
option in imapd.conf accordingly.

HTH, Jukka

bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list