Hello list.
I have just gotten off a mail conversation conversation with guys from CyberSafe and we are slightly puzzled (or at least, I am). I asked them if they could port "./lib/auth_krb5.c" to use CyberSafe's GSS-API and they did it (Alexey Melnikov).
The problem is with Kerberos Authorization in IMAP Server. Mind you, not *authentication*, that is handled via SASL and works OK.
The docs state that, if using Krb5 authz, instead of UNIX authz, one can use ACLs in the form of a Kerberos5 regular expression, like these:
*/[EMAIL PROTECTED] [EMAIL PROTECTED] nikola/[EMAIL PROTECTED]
However, the code in "./lib/auth_krb5.c" does no such thing. It does however canonicalize principal and strips off realm if it is local realm, but no "RegEx" matching.
I do notice, however, that the docs on the subject are using Kerberos_IV notation, but the code in "./lib/auth_krb.c" doesn't look any more sophisticated/magical than the previous.
So, are we missing something, here? It would be nice to have those advertised ACLs available, with the growing popularity of Kerberos environment.
Nix. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
