(This discussion should be continued on the SASL list IMHO.)

Stephen --> info-cyrus (2004-08-15 02:32:00 +1200):
[...]
> Also, I tried exporting the keytab to a file /etc/krb5-cyrus.keytab, and
> added the line below to /etc/imapd.conf, but the imap server wouldn't
> respond to a keytab in /etc/krb5-cyrus.keytab (it did have cyrus
> ownership). I had to comment out the line and put the keytab in the
> standard place for the gentoo setup, /etc/krb5.keytab.
> ----> line below added to /etc/imapd.conf but didn't work for me.
> sasl_keytab: /etc/krb5-cyrus.keytab
>
> Jukka: How have you implemented sasl_keytab??

As you did: added the principals to /etc/pkg/krb5.keytabs/cyrus, and set
'sasl_keytab: /usr/pkg/etc/krb5.keytabs/cyrus' in imapd.conf.

BTW, I'm using SASL 2.1.18, IMAPd 2.2.6 and Heimdal 0.6.1 (each installed
from pkgsrc[1] on a NetBSD 1.6.2 system).

However, I'm not sure what's the right way to do it. The SASL documentation
seems to be contradictory: first of all, "keytab" is listed as an option[2]
for the GSSAPI mechanism. But on sysadmin.html[3] it states "Currently, the
keytab file location is not configurable and defaults to the system default
(probably /etc/krb5.keytab)." On gssapi.html[4] it tells about environment
variables used by the kerberos libraries to determine the keytab file, i.e.
KRB5_KTNAME for Heimdal (which I can confirm to be correct).

AFAICT the statement on sysadmin.html is not correct.

Regards, Jukka

[1] http://www.pkgsrc.org/
[2] http://asg.web.cmu.edu/cyrus/download/sasl/options.html
[3] http://asg.web.cmu.edu/cyrus/download/sasl/sysadmin.html
[4] http://asg.web.cmu.edu/cyrus/download/sasl/gssapi.html

-- 
bashian roulette: $ ((RANDOM%6)) || rm -rf ~