cyradm auth failure with krb admin instances
Jukka Salmi
j+asg at 2006.salmi.ch
Sun Oct 22 10:32:58 EDT 2006
Jukka Salmi --> info-cyrus (2006-10-22 16:23:30 +0200):
> Hi,
>
> I'm using Cyrus IMAP4 v2.2.13.
>
> I haven't used cyradm for some time, but today I noticed I can't log
> in as admin anymore because GSSAPI authentication fails. My imapd.conf
> contains `admins: jukka/admin'; I successfully require a TGT for
> jukka/admin, but authentication fails:
>
> $ cyradm --user jukka/admin --authz jukka/admin host
> cyradm: cannot authenticate to server with as jukka/admin
>
> The following is logged:
>
> imap[15512]: accepted connection
> imap[15512]: badlogin: [...] GSSAPI [SASL(-13): authentication failure: bad userid authenticated]
>
> Using a principal without a "admin" instance as a cyrus admin works
> fine. This used to work some time ago, but I can't remember when
> exactly...
This is badly worded. I tried to say that using an /admin instance of
a Kerberos principal as a cyrus admin user id used to work, but right
now only non-admin instances seem to work.
> Any hints what could have cause this regression? Or even better how
> to fix it? ;-)
Regards, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
More information about the Info-cyrus
mailing list