murder configuration?

Khalid Mehmood mehmood67 at yahoo.com
Fri Jun 16 08:39:38 EDT 2006


I'm running a "Test" murder setup using
cyrus-imapd-2.3.6 trying to use kerberos V
authentication between front-end and Mupdate Master. I
have a couple of questions regarding kerberos
principals.

1) Do I need a user principal on front-end along with
mupdate service key?

2) Do Mupdate Master and front-end need imap service
principals?

Front-end cyrus.conf:

# standard standalone server implementation
START {
   auth          cmd="/usr/kerberos/bin/kinit -k -t
/etc/imap/mupdate.keytab mupdate/fe.example.com"
   recover       cmd="ctl_cyrusdb -r"
}
SERVICES {
   mupdate       cmd="/usr/lib/cyrus-imapd/mupdate"
listen=3905 prefork=1
   imap          cmd="proxyd" listen="imap" prefork=10
maxchild=750
   imaps         cmd="proxyd -s" listen="imaps"
prefork=10 maxchild=750
   imapp         cmd="proxyd" listen="imap-priv"
prefork=2 maxchild=5
   lmtp          cmd="proxyd"
listen="/var/lib/imap/socket/lmtp" prefork=5
maxchild=10
   sieve         cmd="timsieved" listen="sieve"
prefork=1 maxchild=10
#   lmtpunix      cmd="porxyd"
listen="/var/lib/imap/socket/lmtpproxy" prefork=1
}
EVENTS {
   checkpoint    cmd="ctl_cyrusdb -c" period=5
   delprune      cmd="cyr_expire -E 3" period=1440
   tlsprune      cmd="tls_prune" period=1440
   reauth        cmd="/usr/kerberos/bin/kinit -k -t
/etc/imap/mupdate.keytab mupdate/fe.example.com"
period="300"
}

Mupdate master cyrus.conf:

# standard standalone server implementation

START {
  auth          cmd="/usr/kerberos/bin/kinit -k -t
/etc/krb5.keytab mupdate/master.example.com"
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
}

SERVICES {
  mupdate       cmd="/usr/lib/cyrus-imapd/mupdate -m"
listen=3905 prefork=1
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps"
prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s"
prefork=1
  sieve         cmd="timsieved" listen="sieve"
prefork=0

  lmtpunix      cmd="lmtpd"
listen="/var/lib/imap/socket/lmtp" prefork=1
}

EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="cyr_expire -E 3" at=0400
  tlsprune      cmd="tls_prune" at=0400
  reauth        cmd="/usr/kerberos/bin/kinit -k -t
/etc/krb5.keytab mupdate/master.example.com"
period="300"
}

Regards

KMK

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Info-cyrus mailing list