cyradm auth failure with krb admin instances
Jukka Salmi
j+asg at 2006.salmi.ch
Tue Oct 24 12:46:52 EDT 2006
Jukka Salmi --> info-cyrus (2006-10-22 16:32:58 +0200):
> Jukka Salmi --> info-cyrus (2006-10-22 16:23:30 +0200):
> > Hi,
> >
> > I'm using Cyrus IMAP4 v2.2.13.
> >
> > I haven't used cyradm for some time, but today I noticed I can't log
> > in as admin anymore because GSSAPI authentication fails. My imapd.conf
> > contains `admins: jukka/admin'; I successfully require a TGT for
> > jukka/admin, but authentication fails:
> >
> > $ cyradm --user jukka/admin --authz jukka/admin host
> > cyradm: cannot authenticate to server with as jukka/admin
> >
> > The following is logged:
> >
> > imap[15512]: accepted connection
> > imap[15512]: badlogin: [...] GSSAPI [SASL(-13): authentication failure: bad userid authenticated]
> >
> > Using a principal without a "admin" instance as a cyrus admin works
> > fine. This used to work some time ago, but I can't remember when
> > exactly...
>
> This is badly worded. I tried to say that using an /admin instance of
> a Kerberos principal as a cyrus admin user id used to work, but right
> now only non-admin instances seem to work.
>
>
> > Any hints what could have cause this regression? Or even better how
> > to fix it? ;-)
This regression was introduced with Cyrus IMAPd v2.2.13: I just failed
to reproduce the problem with v2.2.12, i.e. 2.2.12 works fine.
I should probably file a bug report...
Regards, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
More information about the Info-cyrus
mailing list