Mapping users (either KerberosV or TLS certs)
Wesley Craig
wes at umich.edu
Thu Jul 6 11:17:15 EDT 2006
On 05 Jul 2006, at 20:02, Phil Pennock wrote:
> can anyone
> please explain how to configure Cyrus so that a KerberosV /admin
> principal can be treated as a Cyrus admin user? I've tried inserting
> various entries into sasldb to back this up, putting things into
> /etc/krb5.equiv as well as various values for "admins:" and I'm
> stumped.
I do this, and I'm pretty no changes to sasldb or krb5.equiv were
necessary. AFAIK, all we did was mention the IDs in imapd.conf.
# administrative principals
admins: imap/xxx.mail.umich.edu imap/yyy.mail.umich.edu imap/
mail.umich.edu imap/web.mail.umich.edu
# front-end hosts
proxyservers: imap/mail.umich.edu imap/web.mail.umich.edu
More or less.
> badlogin: domus.home.globnix.net [192.168.1.101] GSSAPI [SASL
> (-13): authentication failure: bad userid authenticated]
SASL errors like this typically have a corresponding error reported
to LOG_AUTH.
:wes
More information about the Info-cyrus
mailing list