authentication using kerberos
Rob Siemborski
rjs3 at andrew.cmu.edu
Wed Dec 22 19:52:04 EST 2004
On Wed, 22 Dec 2004, Aleksandar Milivojevic wrote:
> Rob Siemborski wrote:
>> On Tue, 21 Dec 2004, Aleksandar Milivojevic wrote:
>>
>>> saslauthd: auth_krb5: krb5_get_init_creds_password
>>> saslauthd: do_auth : auth failure: [user=username] [service=imap]
>>> [realm=] [mech=kerberos5] [reason=saslauthd internal error]
>>
>>
>> Do you have a host/(hostname) key in the database?
>
> OK, so I added host/hostname key. And the authentication against AD now
> works. I guess this step can't be skipped...
It can be if you use Heimdal for your unix side kerberos library. It's
been a while since I've looked at this and the reason for the difference
escapes me at the moment.
> However, I have several AD domains. Is it possible to define list of users
> and to which domain (realm) they belong, so that they just type the username
> (which is guaranteed to be unique across all realms in my case), and cyrus
> imapd/saslauthd authenticates against correct AD server?
I suspect that you could do this with a code modification, but I don't
believe there is support for deriving the correct domain internally.
> If the only way is for the user to specify the realm (as in user@domain) when
> logging in (which I'd rather avoid, if possible), I have another problem ;-)
>
> When I type user@domain in MUA, authentication goes well, but IMAPD responds
> with "invalid mailbox" message. Do I need to create (in this case) all
> mailboxes as user@domain? Or?
Virtual domains.
-Rob
---------------------------------------------------------------------
Rob Siemborski
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html