murder configuration?
Khalid Mehmood
mehmood67 at yahoo.com
Fri Jun 16 08:39:38 EDT 2006
I'm running a "Test" murder setup using
cyrus-imapd-2.3.6 trying to use kerberos V
authentication between front-end and Mupdate Master. I
have a couple of questions regarding kerberos
principals.
1) Do I need a user principal on front-end along with
mupdate service key?
2) Do Mupdate Master and front-end need imap service
principals?
Front-end cyrus.conf:
# standard standalone server implementation
START {
auth cmd="/usr/kerberos/bin/kinit -k -t
/etc/imap/mupdate.keytab mupdate/fe.example.com"
recover cmd="ctl_cyrusdb -r"
}
SERVICES {
mupdate cmd="/usr/lib/cyrus-imapd/mupdate"
listen=3905 prefork=1
imap cmd="proxyd" listen="imap" prefork=10
maxchild=750
imaps cmd="proxyd -s" listen="imaps"
prefork=10 maxchild=750
imapp cmd="proxyd" listen="imap-priv"
prefork=2 maxchild=5
lmtp cmd="proxyd"
listen="/var/lib/imap/socket/lmtp" prefork=5
maxchild=10
sieve cmd="timsieved" listen="sieve"
prefork=1 maxchild=10
# lmtpunix cmd="porxyd"
listen="/var/lib/imap/socket/lmtpproxy" prefork=1
}
EVENTS {
checkpoint cmd="ctl_cyrusdb -c" period=5
delprune cmd="cyr_expire -E 3" period=1440
tlsprune cmd="tls_prune" period=1440
reauth cmd="/usr/kerberos/bin/kinit -k -t
/etc/imap/mupdate.keytab mupdate/fe.example.com"
period="300"
}
Mupdate master cyrus.conf:
# standard standalone server implementation
START {
auth cmd="/usr/kerberos/bin/kinit -k -t
/etc/krb5.keytab mupdate/master.example.com"
recover cmd="ctl_cyrusdb -r"
idled cmd="idled"
}
SERVICES {
mupdate cmd="/usr/lib/cyrus-imapd/mupdate -m"
listen=3905 prefork=1
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps"
prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s"
prefork=1
sieve cmd="timsieved" listen="sieve"
prefork=0
lmtpunix cmd="lmtpd"
listen="/var/lib/imap/socket/lmtp" prefork=1
}
EVENTS {
checkpoint cmd="ctl_cyrusdb -c" period=30
delprune cmd="cyr_expire -E 3" at=0400
tlsprune cmd="tls_prune" at=0400
reauth cmd="/usr/kerberos/bin/kinit -k -t
/etc/krb5.keytab mupdate/master.example.com"
period="300"
}
Regards
KMK
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Info-cyrus
mailing list