GSSAPI for various murder component setups
dwhite at olp.net
Wed Jun 20 09:29:59 EDT 2012
On 06/19/12 19:04 -0700, Stephen Ingram wrote:
>Thank you for your continued help with this. I really appreciate it
>and am determined to get to the end of this.
>I think I'm getting closer. I have successfully authenticated using
>mupdatetest from one of the backends to the mupdate server. I'm using
>service principals on both ends. I've even specified the
>imap/imap1.example.com part of the principal in the admins: section of
>the configuration and after solving several configuration issues on my
>end, it seems to work! I came across a post from you some time ago
>talking about /etc/krb.equiv. Would this be an easier way to do this?
>I tried placing that file on the mupdate server and loaded it with
>imap/imap1.example.com imap1 and then placed admins: imap1 in my
>imapd.conf file, but I'm not sure if it works. Do I have to tell cyrus
>about that file somewhere?
I have not used /etc/krb.equiv before, but the last time I dug into the
code trying to understand it, I came away with the impression that it's
used for kerberosv4 only. Apparently it would be a way to map
'imap/imap1.example.com' to 'imap1'. It might work just as well to just
place 'imap/imap1.example.com' or 'imap/imap1.example.com at EXAMPLE.COM' into
your proxyservers/*_admins entries.
I know that this format works, because it's what I currently have in my
cyrus-mail1.example.net at EXAMPLE.NET
More information about the Info-cyrus