cyrus and gssapi
j+asg at 2004.salmi.ch
Thu Aug 12 11:10:22 EDT 2004
Andreas --> info-cyrus (2004-08-12 10:11:26 -0300):
> On Thu, Aug 12, 2004 at 01:10:05PM +1200, Stephen wrote:
> > 3. The missing piece is how to link cyrus-imap and GSSAPI. Kerberos
> > is operational and I have tried
> > "addprinc -randkey host/kerberos.ourdomain" and then "ktadd
> > host/kerberos.ourdomain", but still can't authenticate.
> You need a principal in the form of "imap/fqdn-of-imap-server". Then add
> it to the default keytab (/etc/krb5.keytab) and make sure the cyrus-master
> daemon can read it.
I'd recommend to store it (together with pop/fqdn, sieve/fqdn, etc.) to
a separate file which is readable only by cyrus, and set the sasl_keytab
option in imapd.conf accordingly.
$ ((RANDOM%6)) || rm -rf ~
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus