admins: kerberos instance
benp at imap.reed.edu
Thu Jan 15 10:17:21 EST 2004
I got bitten by this a long time ago.
If you built cyrus with --with-auth=unix then you'll find that "/"
characters in usernames are not allowed because such characters are not
allowed in a mailbox name.
This following is by **no means** an officially sanctioned fix (but it's
been working well for us for almost a year)....
If you're careful (and are only using your kerberos */admin instances
for cyrus administrative operations, not creating mailboxes for them),
then you can remove the "/" from the forbidden character list.
This list of allowed and disallowed characters is specified in
the cyrus source distribution lib/auth_unix.c starting around line 97.
Hint, "/" is "4F" in hex, so check for the value of 4F in the table of
characters listed in auth_unix.c. The value in your case should
probably be set to "1" (allowed as long as there are some alphanumeric
characters in it as well).
* ms419 at freezone.co.uk <ms419 at freezone.co.uk> [040115 04:05]:
> I am trying to make one instance of a kerberos principal the cyrus
> administrator. I've set the "admins:" field to "username/admin". When I
> try running "cyradm -u username/admin servername", cyradm complains:
> cyradm: cannot authenticate to server as user username/admin
> Syslog contains the following entry:
> badlogin: wum.lat[192.168.179.73] GSSAPI [SASL(-13): authentication
> failure: bad userid authenticated]
> What's the problem?
Ben Poliakoff email: benp at imap.reed.edu
Reed College tel: 503-788-6674
Unix System Administrator PGP key: 0x6AF52019
PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
More information about the Info-cyrus