Authenticate to IMAP server via Active Directory
Wong, G. MR EECS
Gaylen.Wong at usma.edu
Thu Mar 18 17:44:40 EST 2004
We are trying to set up a Cyrus IMAP server (version 2.2.3) on a Red Hat
Enterprise Linux AS 3.0 box. For ease of management we would like to
authenticate users against a Microsoft Active Directory domain
controller, since all users who would use the IMAP server are already
there.

We have attempted to use Cyrus saslauthd (version 2.1.17) with kerberos5
to do this:

1. Cyrus SASL has been built with gssapi (kerberos5) support.
2. Cyrus IMAP has been built --with-auth=krb5.
3. In /etc/imapd.conf: sasl-pwcheck-method=saslauthd
4. We followed the instructions in
   http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
   to interoperate with the AD KDC: we generated both the host and
   service-instance (imap) keytab files and integrated them into the
   /etc/krb5.keytab file on the Linux host. Finally, we modified
   /etc/krb5.conf according to the instructions. We tested Kerberos with
   kinit and it seems to be working.
5. We started saslauthd with: saslauthd -n0 -a kerberos5
6. Finally, we started imap with master -d

We have not had success with AD authentication. When a valid AD user
tries to log in via the IMAP client (we are using Microsoft Outlook) we
get a cryptic "size read failed". When we use imtest we get a "No
credentials cache found" error. We are indeed clueless and would
appreciate any help with this.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
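
A configuration check for step 3 of the setup above, as an added example that is not part of the original post or of the Cyrus project. It assumes imapd.conf's `option: value` line syntax and the `sasl_` prefix for options passed to Cyrus SASL; the function names `conf_get` and `check_imapd_conf` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the saslauthd-related lines of an imapd.conf.
# imapd.conf lines take the form "option: value"; options handed to
# Cyrus SASL carry a sasl_ prefix (sasl_pwcheck_method).

# Print the last value set for option $2 in file $1 (empty if unset).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one finding per line; return 0 only when nothing was flagged.
check_imapd_conf() {
    conf=$1
    rc=0
    # A sasl key spelled with '-' or assigned with '=' is not "option: value".
    if grep -Eq '^[[:space:]]*sasl(-|[_-][A-Za-z_-]*[[:space:]]*=)' "$conf"; then
        echo "SYNTAX: write SASL options as 'sasl_name: value'"
        rc=1
    fi
    method=$(conf_get "$conf" sasl_pwcheck_method)
    if [ "$method" != "saslauthd" ]; then
        echo "PWCHECK: sasl_pwcheck_method is '${method:-unset}', expected 'saslauthd'"
        rc=1
    fi
    return $rc
}

# Constructed sample: the line exactly as written in step 3 of the post.
sample=$(mktemp)
printf '%s\n' 'configdirectory: /var/lib/imap' \
              'sasl-pwcheck-method=saslauthd' > "$sample"
check_imapd_conf "$sample" || true
rm -f "$sample"
```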