I am wanting to achieve Kerberos 5 authentication using cyrus-imapd-2.0.11.
Does anyone have this implemented and/or could you
provide any suggestions or information that may help?
It appears this can only be done currently by the GSSAPI mechanism
in SASL 1.5.24.
I have found the cyrus-imapd-2.0.11 provided GSSAPI documentation useful
and have been able to successfully get the sample-server and sample-client
included with cyrus-sasl-1.5.24 to produce positive results that the
mechanism itself is working. The cyrus-imapd-2.0.11 (imtest) appears to
be able to use the cyrus-sasl-1.5.24 GSSAPI mechanism and responds with
Security factor: 54
imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: iadmin
sasl_pwcheck_method: GSSAPI
srvtab: /etc/krb5.keytab
My current configuration consists of:
Platform: Sparc
OS: Solaris 7 (move kerberos 4 libraries and programs)
- Cyrus SASL 1.5.24
- Cyrus IMAPD 2.0.11
- MIT Kerberos 1.2.1
- Berkeley DB.3.2
- Openssl 0.9.6
- GNU Make 3.79
- Zephyr 2.0.4
- tcl 8.0.5
# ldd master
libdl.so.1 => /usr/lib/libdl.so.1
libssl.so.0 => /usr/local/lib/libssl.so.0
libcrypto.so.0 => /usr/local/lib/libcrypto.so.0
libdb-3.2.so => /usr/local/BerkeleyDB.3.2/lib/libdb-3.2.so
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
# ldd imtest
libsasl.so.7 => /usr/local/lib/libsasl.so.7
libdl.so.1 => /usr/lib/libdl.so.1
libssl.so.0 => /usr/local/lib/libssl.so.0
libcrypto.so.0 => /usr/local/lib/libcrypto.so.0
libdb-3.2.so => /usr/local/BerkeleyDB.3.2/lib/libdb-3.2.so
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libc.so.1 => /usr/lib/libc.so.1
libresolv.so.2 => /usr/lib/libresolv.so.2
libmp.so.2 => /usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
Any assistance, references to information, or suggestions to
get Kerberos 5 authentication to work with Cyrus IMAP 2.0.11
would be appreciated.
