We are trying to setup a Cyrus IMAP server(version 2.2.3) on a Redhat Enterprise LINUX AS 3.0 box. For ease of management we would like to authenticate users against a Microsoft Active Directory Domain controller since all users who would use the IMAP server are already there.
We have attempted to use Cyrus saslauthd( version 2.1.17) with kerberos5 to do this: 1. Cyrus sasl has been built with gssapi(kerberos5) support 2. cyrus imap has been built --with-auth=krb5 3. In /etc/imapd.conf sasl-pwcheck-method=saslauthd 4. We followed the instructions in http://www.microsoft.com/windows2000/techinfo/planning/security/kerbstep s.asp to interoperate with the AD KDC: We generated both the host and service-instance(imap) keytab files and integrated them into the /etc/krb5.keytab file on the LINUX host. Finally, we modified /etc/krb5.conf according to the instructions. We tested kerberos with kinit and it seems to be working. 5. We started saslauthd with: saslauthd -n0 -a kerberos5 6. Finally, we started imap with master -d We have not had success with AD authentication. When a valid AD user tries to login via the imap client( we are using microsoft outlook) we get a cryptic "size read failed". When we use imtest we get a "No credentials cache found" error. We are indeed clueless would appreciate any help with this. --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
