kerberosV, does this thing work with murder?
D.H.Davis at bath.ac.uk
Mon Feb 27 11:36:41 EST 2006
On Sun, 26 Feb 2006, Khalid Mehmood wrote:
> From: Khalid Mehmood <mehmood67 at yahoo.com>
> To: info-cyrus at lists.andrew.cmu.edu
> Date: Sun, 26 Feb 2006 21:13:50 -0800 (PST)
> Subject: kerberosV, does this thing work with murder?
> Thanks a lot Patrick for such a detailed reply, but
> I'm still stuck at gssapi/murder setup. Do one needs
> "mupdate/hostFQDN" service principle to make
> murder/gssapi work? I have "host/FQDN", "imap/FQDN"
Not sure, but I *think* you may need this. The logs on your
kerberos server should tell you. You'll see a request for an
unknown principal of the form "mupdate/hostFQDN".
Note you'll also need "pop/FQDN" and "sieve/FQDN" if you want
to use these services.
> but still things doesn't work. The relevent part of
> imapd.conf on my frontend machine:
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: GSSAPI
> keytab: /etc/imap/krb5.keytab
This needs to be "sasl_keytab", not "keytab". If you do need a
"mupdate/hostFQDN" principal, it'll need to be in this file.
> mupdate_admin: cyrus
> mupdate_server: abc.example.com
> mupdate_username: cyrus
> abc_mechs: GSSAPI
> Do I need something more to make this work?
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis at bath.ac.uk Phone: +44 1225 386101
More information about the Info-cyrus