>From: Mark Hannessen <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Date: Fri, 10 Dec 2004 14:27:30 +0100 > >I am trying to setup a kerberos v5 only cyrus imap server. >that is: I would like all autherisation to be done by gssapi/kerberos.
... >does anybody have a suggestion where I should look next? Is the keytab file in the right place? Depending on your version/implementation of kerberos it could be in any of: /etc/krb5.keytab /etc/krb5/krb5.keytab /etc/kerberosV/krb5.keytab Do the logs on the Kerberos server give any more detail? Note that a Cyrus IMAP server using Kerberos5 should need the principals: pop/[EMAIL PROTECTED] imap/[EMAIL PROTECTED] sieve/[EMAIL PROTECTED] The imap and sieve principals are definitely needed. It's worth adding the pop principal even if you initially don't intend running the pop daemon. It is advisable to extract these to a separate keytab file -- /var/imap/krb5.keytab -- and give that to the Cyrus user. You can then start the master daemon with a command line of the form: KRB5_KTNAME=/var/imap/krb5.keytab /usr/local/cyrus/bin/master & The above makes it unnecessary to add all the cyrus principals to /etc/krb5.keytab (or similar) and make this owned by, or at least readable by, the cyrus user. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
