Do you have a host/(hostname) key in the database?
Hm, no I don't. Does this mean that I also need to have account for host (that runs IMAP server) in Active Directory, or the account for IMAP service that runs on the server, or both?
That said, you're not really "Authenticating using kerberos" here, you're just doing password verification, which in many ways defeats the point.
Well, password verification is really all I need. I really don't need any other functionality provided by kerberos. If user provided correct password (over TLS) to IMAPD, I want to let him in. I just want to use Active Directory as simple and convinient password store that returns true or false. I don't really need full kerberos system. I'm not after single sign-on or anything fancy. I'm attempting to use kerberos only because it is the way AD works, and I'm trying to keep it as simple as possible. All that I really need is the stuff that kinit does. It connects to AD, password is verified, I get true or false for password, and all the other stuff that kinit does after the password is verified is not of interest to me.
Can Cyrus IMAPD do that? Or if not, can saslauthd do it?
P.S.
Sorry for (first) direct reply, I've hit reply instead of reply-all and noticed it when it was already too late :-(
-- Aleksandar Milivojevic <[EMAIL PROTECTED]> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
