Removing realm from usernames authenticated by GSSAPI (and two more unrelated questions)

Tue Jan 11 18:02:10 EST 2005

Aleksandar Milivojevic --> info-cyrus (2005-01-11 16:24:14 -0600):
> I've got authentication using GSSAPI working.  However, when I use 
> GSSAPI, imapd treats my login name as virtual domain.

What is virtdomains set to in your imapd.conf?

> While I'm at GSSAPI.  There's configuration option "srvtab".  I thought 
> that it is used to provide path to Kerberos keytab file to be used. 

Hmm, sounds like Kerberos IV...

> However, it seems it either isn't used for that, or that it doesn't 
> work.  I had to provide KRB5_KTNAME environment variable to get imapd to 
> use correct keytab file.

You could set 'sasl_keytab: /path/to/keytab' in imapd.conf instead.

> One more question, just out of curiosity (I don't intend to implement 
> it).  I've noticed that if GSSAPI is configured, then plain and login 
> can be used only over TLS (I'm not really sure about this, maybe I 
> noticed wrong ;-).  If it is not configured, plain and login are allowed 
> in plaintext.  Is there a configuration variable to control this?  Like 
> force TLS even if GSSAPI is not configured, or allow plaintext in case 
> GSSAPI is configured?  allowplaintext option doesn't seem to work!?

Set 'allowplaintext: 0' in imapd.conf.

HTH, Jukka

bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
