kerberos credentials on systemd-based CentOS 7

Stephen Ingram sbingram at
Mon Sep 21 01:57:55 EDT 2015

On Sun, Sep 20, 2015 at 6:00 PM, Stephen Ingram <sbingram at> wrote:

> I'm trying to setup a kerberos connection to an mupdate server using
> gssapi authentication. I'm creating a credentials cache using a keytab file
> on the system for user imap/ In the old init.d-based
> system, I specified the KRB5_KTNAME and KRB5CCNAME environment variables,
> then when the cyrus-master program ran, the ticket was fetched and the
> system was able to connect. However, with systemd, it appears as though the
> server should maybe use a persistent keyring to store the credentials. Even
> if I try to use a file, say inside /var/lib/imap to escape selinux, the
> system still fails to authenticate. Does anyone have this setup working
> that allows a cyrus client to connect to an mupdate server to fetch mailbox
> information?

Looks like I got bit by Bug 3480
<> again. I wrongly
assumed this had been fixed by now, but I guess not, so RHEL 7 cyrus is
still broken for those using sasl with GSSAPI.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list