Auth Cyrus against Win2K-ADS

lst_hoe01 at kwsoft.de lst_hoe01 at kwsoft.de
Tue Mar 30 09:17:11 EST 2004


Zitat von Nikola Milutinovic <Nikola.Milutinovic at ev.co.yu>:

> lst_hoe01 at kwsoft.de wrote:
> >
> > I will try to move the imap.keytab to krb5.keytab (readable by cyrus) and
> > see if i get further on.
> 
> That is a big flaw in the current implementations of Kerberos5. Separate
> servers need separate KeyTabs. CHROOT-ing is a workaround, but I don't thing
it 
> can be easyly done for Cyrus IMAP. I know the length it needed to go for
> OpenLDAP+SASL in order to make it run ChRoot-ed.

I am really not keen on trying to CHROOT-ing Cyrus :-(
Is it really that hard to make the location of the keytab file configurable or
is it only not done yet?

BTW : moving the /etc/imap.keytab to /etc/krb5.keytab was the needed hint to
make the Kerberos-Auth work. Now i want to try "plain/login -> kerberos -> ADS"
for backward compatibility :-(

Thanxs

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list