admins: kerberos instance

Ben Poliakoff benp at
Thu Jan 15 10:17:21 EST 2004

I got bitten by this a long time ago.

If you built cyrus with --with-auth=unix then you'll find that "/"
characters in usernames are not allowed because such characters are not
allowed in a mailbox name.

This following is by **no means** an officially sanctioned fix (but it's
been working well for us for almost a year)....

If you're careful (and are only using your kerberos */admin instances
for cyrus administrative operations, not creating mailboxes for them),
then you can remove the "/" from the forbidden character list.

This list of allowed and disallowed characters is specified in
the cyrus source distribution lib/auth_unix.c starting around line 97.
Hint, "/" is "4F" in hex, so check for the value of 4F in the table of
characters listed in auth_unix.c.  The value in your case should
probably be set to "1" (allowed as long as there are some alphanumeric
characters in it as well).


* ms419 at <ms419 at> [040115 04:05]:
> I am trying to make one instance of a kerberos principal the cyrus 
> administrator. I've set the "admins:" field to "username/admin". When I 
> try running "cyradm -u username/admin servername", cyradm complains:
> cyradm: cannot authenticate to server as user username/admin
> Syslog contains the following entry:
> badlogin:[] GSSAPI [SASL(-13): authentication 
> failure: bad userid authenticated]
> What's the problem?
> Thanks,
> Jack

Ben Poliakoff                                email: benp at
Reed College                                        tel:  503-788-6674
Unix System Administrator                          PGP key: 0x6AF52019
PGP fingerprint:    A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019

More information about the Info-cyrus mailing list