GSSAPI: A token had an invalid MIC
Phil Pennock
info-cyrus-spodhuis at spodhuis.org
Sun Oct 29 12:10:41 EST 2006
On 2006-10-28 at 04:35 +0200, Phil Pennock wrote:
> New server:
> OS/Arch: FreeBSD 6.1 / amd64
> Cyrus IMAPd: 2.3.7
> Cyrus SASL 2.1.22
> OpenSSL: 0.9.7i
> Heimdal: 0.7.2 (OS port rev _1)
It turns out that, of the software installed to date, Cyrus IMAP is the
only one not handling the older Heimdal (from base-system) libraries in
/usr/; if I move aside those libraries and change the Port Makefile to
pass:
--with-krb=${HEIMDAL_HOME} --with-krbimpl=kth --without-krbdes
(where HEIMDAL_HOME is /usr/local) then Cyrus just doesn't link against
any Kerberos because it fails to use the location in --with-krb. Which
means that GSSAPI is provided by Cyrus-SASL and everything just works.
[gssapi]broken_des3_mic did not work around this.
Out of curiosity, is all the KRB5 support in cyrus-imapd a legacy from
before the use of SASL or is there some other way in which it helps?
Thanks,
--
"Everything has three factors: politics, money, and the right way to do it.
In that order." -- Gary Donahue
More information about the Info-cyrus
mailing list