On Wed, 22 Dec 2004, Aleksandar Milivojevic wrote:
Rob Siemborski wrote:
On Tue, 21 Dec 2004, Aleksandar Milivojevic wrote:
saslauthd: auth_krb5: krb5_get_init_creds_password
saslauthd: do_auth : auth failure: [user=username] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
Do you have a host/(hostname) key in the database?
OK, so I added host/hostname key. And the authentication against AD now works. I guess this step can't be skipped...
It can be if you use Heimdal for your unix side kerberos library. It's been a while since I've looked at this and the reason for the difference escapes me at the moment.
However, I have several AD domains. Is it possible to define a list of users and to which domain (realm) they belong, so that they just type the username (which is guaranteed to be unique across all realms in my case), and cyrus imapd/saslauthd authenticates against the correct AD server?
I suspect that you could do this with a code modification, but I don't believe there is support for deriving the correct domain internally.
If the only way is for the user to specify the realm (as in [EMAIL PROTECTED]) when logging in (which I'd rather avoid, if possible), I have another problem ;-)
When I type [EMAIL PROTECTED] in the MUA, authentication goes well, but IMAPD responds with an "invalid mailbox" message. Do I need to create (in this case) all mailboxes as [EMAIL PROTECTED]? Or?
Virtual domains.
-Rob
---------------------------------------------------------------------
Rob Siemborski
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html