kerberos... stupid question...

Antoine Jacoutot ajacoutot at
Tue Jun 1 06:42:46 EDT 2004

Quoting Jukka Salmi <jukka-asg at>:
> Authentication is not authorisation. The --with-auth option selects an
> authorisation module. See the overview document[1] for details.

OK, I knew I was being stupid... thanks a bunch!

Now, following this, here is what I do not understand.
If I use auth=unix, I need users and/or groups to be in the system /etc/passwd
file for ACLs to work correctly, right?
And if I use auth=krb5, I just need users (principals) to be in the Kerberos
database, right?

Now, when using auth=krb5, I'm trying to set new ACLs on a mailbox and here is
what I get:
sam testmail testuser at DOMAIN.COM c
setaclmailbox: testuser at DOMAIN.COM: c: Invalid identifier
... but:
sam testmail testuser c --> works!

Note that testuser is just a Kerberos principal, it does not exist in

Thanks :)

