Cyrus problems with gssapi (heimdal)
Ian Delahorne
ian at stacken.kth.se
Thu Jan 15 23:42:01 EST 2004
I've managed to build cyrus-imapd-2.1.15 with cyrus-sasl-2.1.15 aginst
heimdal-0.6 on Solaris. I've gotten the server running, up to the
point where I want to start creating accounts. This server is intended
to primarily use GSSAPI to authenticate. I've checked out the
following principals in /etc/krb5.keytab (readable by the cyrus user):
host/imap.stacken.kth.se at STACKEN.KTH.SE
imap/imap.stacken.kth.se at STACKEN.KTH.SE
pop/imap.stacken.kth.se at STACKEN.KTH.SE
sieve/imap.stacken.kth.se at STACKEN.KTH.SE
imap/imap at STACKEN.KTH.SE
I've added "sasl_mech_list: GSSAPI" to imapd.conf, and tried using
imtest to authenticate with my admin principal:
S: * OK imap.stacken.kth.se Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE LOGINDISABLED
AUTH=GSSAPI
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: +
C: *
Authentication failed. generic failure
Security strength factor: 0
A01 BAD Client canceled authentication
I've experimented with various sasl_pwcheck_method arguments, but no
joy. Running klist after imtest shows none of the principals from the
imap machine.
Where should I start looking?
--
/Ian D, Stacken
ian at stacken.kth.se
More information about the Info-cyrus
mailing list