GSSAPI: A token had an invalid MIC
Jukka Salmi
j+asg at 2006.salmi.ch
Sun Oct 29 16:23:01 EST 2006
Phil Pennock --> info-cyrus (2006-10-29 18:10:41 +0100):
> It turns out that, of the software installed to date, Cyrus IMAP is the
> only one not handling the older Heimdal (from base-system) libraries in
> /usr/; if I move aside those libraries and change the Port Makefile to
> pass:
> --with-krb=${HEIMDAL_HOME} --with-krbimpl=kth --without-krbdes
> (where HEIMDAL_HOME is /usr/local) then Cyrus just doesn't link against
> any Kerberos because it fails to use the location in --with-krb. Which
> means that GSSAPI is provided by Cyrus-SASL and everything just works.
>
> [gssapi]broken_des3_mic did not work around this.
>
> Out of curiosity, is all the KRB5 support in cyrus-imapd a legacy from
> before the use of SASL or is there some other way in which it helps?
Which Kerberos version are you trying to use? Note that --with-krb
enables Kerberos IV while Kerberos V is done throug GSSAPI
(--enable-gssapi).
Cheers, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
More information about the Info-cyrus
mailing list