Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?
Ben Poliakoff
benp at reed.edu
Fri Feb 9 13:50:34 EST 2007
* Jeff Blaine <jblaine at kickflop.net> [20070209 10:42]:
> A little more info, in case anyone finds the time to help
> me out:
>
> I've tried everything I can imagine.
>
> saslauthd:
>
> saslauthd -a kerberos5 -d (with additional debug code by me!)
>
> Feb 9 13:22:20 noodle.foo.com saslauthd[27437]:
> auth_krb5: krb5_kt_read_service_key returned -1765328203
> - going to fini: in k5support_verify_tgt()
>
> I can find no information on that Kerberos error, but I
> most certainly have imap/noodle.foo.com in a readable
> /etc/krb5.keytab (and truss shows it being read fine).
>
> imapd.conf:
>
> sasl_pwcheck_method: saslauthd
>
I'm fairly certain that saslauthd is going to be looking for a *host*
principle in the keytab (i.e. host/noodle.foo.com). Do you have a host
principle in the same keytab file?
Of course saslauthd won't be involved at all if you're doing GSSAPI auth
with Thunderbird, saslauthd is only used for "plaintext" authentication.
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20070209/0f48ebe1/attachment.bin
More information about the Info-cyrus
mailing list