Cyrus IMAP GSSAPI for multiple AD domains

John Mok jmok at
Sat Jul 3 11:51:26 EDT 2010


I have successfully setup Cyrus IMAP 2.2.12 with GSSAPI / Kerberos  as 
authentication for an AD domain "", which is the 
default domain in /etc/imapd.conf. However, when I tried to add another 
AD domain "" other the default domain. The AD users in 
the latter domain, i.e. "", failed to authenticate from 
the e-mail client (e.g. Thunderbird).

The error message on the server log :-

Jul  2 17:56:39 imapsv01 cyrus/imaps[3777]: GSSAPI Error: Miscellaneous 
failure (Wrong principal in request)

I checked with imtest and it passed successfully :-

 >imtest -m GSSAPI

The IMAP config. /etc/imapd.conf follows :-

altnamespace: yes
sasl_mech_list: gssapi pam
virtdomains: yes
sasl_pwcheck_method: saslauthd

I hope someone could advise how I could make the IMAP to authenticate 
users from two or more AD domains.

Thanks a lot.

John Mok

More information about the Info-cyrus mailing list