Andreas --> info-cyrus (2004-08-12 10:11:26 -0300): > On Thu, Aug 12, 2004 at 01:10:05PM +1200, Stephen wrote: > > 3. The missing piece is how to link cyrus-imap and GSSAPI. Kerberos > > is operational and I have tried > > "addprinc -randkey host/kerberos.ourdomain" and then "ktadd > > host/kerberos.ourdomain", but still can't authenticate. > > You need a principal in the form of "imap/fqdn-of-imap-server". Then add > it to the default keytab (/etc/krb5.keytab) and make sure the cyrus-master > daemon can read it.
I'd recommend to store it (together with pop/fqdn, sieve/fqdn, etc.) to a separate file which is readable only by cyrus, and set the sasl_keytab option in imapd.conf accordingly. HTH, Jukka -- bashian roulette: $ ((RANDOM%6)) || rm -rf ~ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
