kerberos credentials on systemd-based CentOS 7

Stephen Ingram sbingram at gmail.com
Mon Sep 21 01:57:55 EDT 2015


On Sun, Sep 20, 2015 at 6:00 PM, Stephen Ingram <sbingram at gmail.com> wrote:

> I'm trying to setup a kerberos connection to an mupdate server using
> gssapi authentication. I'm creating a credentials cache using a keytab file
> on the system for user imap/machine1.domain.com. In the old init.d-based
> system, I specified the KRB5_KTNAME and KRB5CCNAME environment variables,
> then when the cyrus-master program ran, the ticket was fetched and the
> system was able to connect. However, with systemd, it appears as though the
> server should maybe use a persistent keyring to store the credentials. Even
> if I try to use a file, say inside /var/lib/imap to escape selinux, the
> system still fails to authenticate. Does anyone have this setup working
> that allows a cyrus client to connect to an mupdate server to fetch mailbox
> information?
>

Looks like I got bit by Bug 3480
<https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480> again. I wrongly
assumed this had been fixed by now, but I guess not, so RHEL 7 cyrus is
still broken for those using sasl with GSSAPI.

Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150920/88a38984/attachment-0001.html 


More information about the Info-cyrus mailing list