Removing realm from usernames authenticated by GSSAPI (and two more
unrelated questions)
Aleksandar Milivojevic
amilivojevic at pbl.ca
Tue Jan 11 17:24:14 EST 2005
I've got authentication using GSSAPI working. However, when I use
GSSAPI, imapd treats my login name as virtual domain. Is there a way to
configure imapd to disregard @realm part of login that SASL returns? I
have users in multiple realms, but usernames are guaranteed to be unique,
so I don't want to configure virtual domains (there's also a longer
story why I can't do this, but I won't bother people with it).
Examples. If I login using plain or login:
$ imtest -m login -t "" mail-server
.... auth part snipped ....
. LIST "" "%"
* LIST (\HasChildren) "." "INBOX"
. OK Completed (0.000 secs 6 calls)
In this case, imapd reports I was logged in as "foobar".
However, if I login using GSSAPI:
$ imtest mail-server
.... auth part snipped ....
. LIST "" "%"
. OK Completed (0.000 secs 1 calls)
In this case, imapd reports I was logged in as "foobar@realm". So my
INBOX isn't there anymore. What I really want is to be logged in as
just "foobar" (no "@realm").
While I'm at GSSAPI. There's configuration option "srvtab". I thought
that it is used to provide path to Kerberos keytab file to be used.
However, it seems it either isn't used for that, or that it doesn't
work. I had to provide KRB5_KTNAME environment variable to get imapd to
use correct keytab file.
One more question, just out of curiosity (I don't intend to implement
it). I've noticed that if GSSAPI is configured, then plain and login
can be used only over TLS (I'm not really sure about this, maybe I
noticed wrong ;-). If it is not configured, plain and login are allowed
in plaintext. Is there a configuration variable to control this? Like
force TLS even if GSSAPI is not configured, or allow plaintext in case
GSSAPI is configured? allowplaintext option doesn't seem to work!?
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html