unified murder and GSSAPI
Huaqing Zheng
huasome at gmail.com
Tue Oct 17 21:27:27 EDT 2006
Has anyone gotten a unified Murder and GSSAPI configuration working?
The documentation is lacking, to say the least. This is what I'm
trying to do:

    1 master mupdate server
    8 unified frontend/backend servers

I want all the servers to authenticate with each other via K5 GSSAPI.
Ideally, I would like them to use a shared K5 keytab with the
principal name service/murder to communicate with each other. On the
mupdate server, in the cyrus.conf file, I have:

    auth cmd="/usr/bin/k5start -H 60 -l 10h -f /etc/keytab.murder -k /var/tmp/murder.k5.tgt service/murder"
    mupdate cmd="mupdate -m" listen=3905 prefork=1

(k5start is similar to ksrvtgt.) In imapd.conf, I have

    admins: service/murder

On the initial testing backend server, I have the following in imapd.conf:

    mupdate_server: <mupdate master>
    mupdate_config: unified
    mupdate_port: 3905
    force_sasl_client_mech: GSSAPI

Yet when I switch over to the cyrus user, set my KRB5CCNAME to the
correctly generated service/murder ticket and try to run ctl_mboxlist
-mw, I get the following in my syslog:

    ctl_mboxlist[13748]: couldn't authenticate to backend server: generic failure
    ctl_mboxlist[13847]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)

Any ideas or pointers at better documentation on how to get this working?
--
Huaqing Zheng
Beer and Code Wrangler at Large