Aleksandar Milivojevic --> info-cyrus (2005-01-11 16:24:14 -0600): > I've got authentication using GSSAPI working. However, when I use > GSSAPI, imapd treats my login name as virtual domain.
What is virtdomains set to in your imapd.conf? > While I'm at GSSAPI. There's configuration option "srvtab". I tought > that it is used to provide path to Kerberos keytab file to be used. Hmm, sounds like Kerberos IV... > However, it seems it either isn't used for that, or that it doesn't > work. I had to provide KRB5_KTNAME environment variable to get imapd to > use correct keytab file. You could set 'sasl_keytab: /path/to/keytab' in imapd.conf instead. > One more question, just out of curiosity (I don't intend to implement > it). I've noticed that if GSSAPI is configured, than plain and login > can be used only over TLS (I'm not really sure about this, maybe I > noticed wrong ;-). If it is not configured, plain and login are allowed > in plaintext. Is there a configuration variable to controll this? Like > force TLS even if GSSAPI is not configured, or allow plaintext in case > GSSAPI is configured? allowplaintext option doesn't seem to work!? Set 'allowplaintext: 0' in imapd.conf. HTH, Jukka -- bashian roulette: $ ((RANDOM%6)) || rm -rf ~ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
