Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

Ben Poliakoff benp at reed.edu
Fri Feb 9 13:50:34 EST 2007


* Jeff Blaine <jblaine at kickflop.net> [20070209 10:42]:
> A little more info, in case anyone finds the time to help
> me out:
> 
> I've tried everything I can imagine.
> 
> saslauthd:
> 
>     saslauthd -a kerberos5 -d (with additional debug code by me!)
> 
>         Feb  9 13:22:20 noodle.foo.com saslauthd[27437]:
>         auth_krb5: krb5_kt_read_service_key returned -1765328203
>         - going to fini: in k5support_verify_tgt()
> 
>     I can find no information on that Kerberos error, but I
>     most certainly have imap/noodle.foo.com in a readable
>     /etc/krb5.keytab (and truss shows it being read fine).
> 
> imapd.conf:
> 
>     sasl_pwcheck_method: saslauthd
> 

I'm fairly certain that saslauthd is going to be looking for a *host*
principle in the keytab (i.e. host/noodle.foo.com).  Do you have a host
principle in the same keytab file?

Of course saslauthd won't be involved at all if you're doing GSSAPI auth
with Thunderbird, saslauthd is only used for "plaintext" authentication.

Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20070209/0f48ebe1/attachment.bin


More information about the Info-cyrus mailing list