kerberos... stupid question...

Antoine Jacoutot ajacoutot at lphp.org
Tue Jun 1 06:42:46 EDT 2004


Selon Jukka Salmi <jukka-asg at 2004.salmi.ch>:
> Authentication is not authorisation. The --with-auth option selects an
> authorisation module. See the overview document[1] for details.

Ok, I knew I was being stupid... thanks a bunch !

Now, following this, here is what I do not understand.
If I use auth=unix, I need users and/or groups to be in the system /etc/passwd
file for ACLs to work correctly, right ?
And if I use auth=krb5, I just need users (principals) to be in the kerberos
database, right ?

Now, when using auth=krb5, I'm trying to set new ACLs on a mailbox and here is
what I get:
sam testmail testuser at DOMAIN.COM c
setaclmailbox: testuser at DOMAIN.COM: c: Invalid identifier
.. but:
sam testmail testuser c --> works !

Note that testuser is just a kerberos principal, it does not exist in
/etc/passwd.

Thanks :)

Antoine
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list