kerberosV, does this thing work with murder?

Dennis Davis D.H.Davis at bath.ac.uk
Mon Feb 27 11:36:41 EST 2006


On Sun, 26 Feb 2006, Khalid Mehmood wrote:

> From: Khalid Mehmood <mehmood67 at yahoo.com>
> To: info-cyrus at lists.andrew.cmu.edu
> Date: Sun, 26 Feb 2006 21:13:50 -0800 (PST)
> Subject: kerberosV, does this thing work with murder?
> 
> Thanks a lot Patrick for such a detailed reply, but
> I'm still stuck at gssapi/murder setup. Do one needs
> "mupdate/hostFQDN" service principle to make
> murder/gssapi work? I have "host/FQDN", "imap/FQDN"

Not sure, but I *think* you may need this.  The logs on your
kerberos server should tell you.  You'll see a request for an
unknown principal of the form "mupdate/hostFQDN".

Note you'll also need "pop/FQDN" and "sieve/FQDN" if you want
to use these services.

> but still things doesn't work. The relevent part of
> imapd.conf on my frontend machine:
> 
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: GSSAPI
> keytab: /etc/imap/krb5.keytab
  ^^^^^^
This needs to be "sasl_keytab", not "keytab".  If you do need a
"mupdate/hostFQDN" principal, it'll need to be in this file.

> mupdate_admin: cyrus
> mupdate_server: abc.example.com
> mupdate_username: cyrus
> abc_mechs: GSSAPI
> 
> Do I need something more to make this work? 
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis at bath.ac.uk               Phone: +44 1225 386101


More information about the Info-cyrus mailing list