GSSAPI for various murder component setups
Dennis Davis
D.H.Davis at bath.ac.uk
Fri Jun 15 04:58:51 EDT 2012
On Wed, 13 Jun 2012, Dan White wrote:
> From: Dan White <dwhite at olp.net>
> To: Stephen Ingram <sbingram at gmail.com>
> Cc: info-cyrus <info-cyrus at lists.andrew.cmu.edu>
> Date: Wed, 13 Jun 2012 21:23:57
> Subject: Re: GSSAPI for various murder component setups
...
> The other issue is that where your systems are acting as clients
> (such as when a frontend server is connecting to an mupdate
> server), your client will need to initialize a kerberos ticket
> cache, and in my experience cannot use the kerberos credentials
> used to accept connections. Or in other words, your frontends
> might have an imap/mail.example.net service ticket for accepting
> client imap connections, but then may need a separate ticket, such
> as cyrus/mail.example.net, for backend/mupdate connections. I
> use cronjobs, running as the cyrus user, to initialize those
> crendential caches.
I suspect some of Russ Allberry's software:
http://www.eyrie.org/~eagle/software/
might be useful for obtaining and renewing kerberos credentials.
In particular kstart:
http://www.eyrie.org/~eagle/software/kstart/
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis at bath.ac.uk Phone: +44 1225 386101
More information about the Info-cyrus
mailing list