Hello again,

I'm using virtual domains on our Cyrus IMAP server, which means that
the user "lars" is distinct from "[EMAIL PROTECTED]".  I've just
started setting up Kerberos (5) in this environment, and I've
discovered that the Cyrus IMAP server will strip the default realm
from a connecting principal before treating it as a username -- which
means that nobody can actually use Kerberos.  If I'm authenticated as
"[EMAIL PROTECTED]", Cyrus imapd will authenticate me as the user
"lars", and if I try to SELECT INBOX, for example, I get a "no such
mailbox".

If I connect *without* Kerberos and authenticate as [EMAIL PROTECTED],
everything works just grand.

More details:

Given a Kerberos environment like this:

  $ klist
  Credentials cache: FILE:/tmp/krb5cc_20000
  Principal: [EMAIL PROTECTED]

Connecting to the IMAP server like this:

  $ imtest mail.example.com
  [...elided...]
  C: A01 AUTHENTICATE GSSAPI ...
  [...elided...]
  S: A01 OK Success (privacy protection)
  Authenticated.
  Security strength factor: 56

The server says:

  mail.notice: Nov  1 23:34:53 imap[23997]: login:
    mail.example.com [192.168.1.20] lars GSSAPI User logged in

-- Lars
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
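
The mismatch described in the post above, as an added example that is not part of the original message and is not Cyrus code: a simplified model of the realm stripping, plus a check that flags GSSAPI logins recorded with an unqualified userid. The realm EXAMPLE.COM, the mailbox name and the second log line are constructed placeholders, since the post's addresses are redacted.

```python
import re

# Constructed placeholders: the post's real realm and addresses are redacted.
DEFAULT_REALM = "EXAMPLE.COM"
MAILBOXES = {"lars@example.com"}  # virtual-domain users are domain-qualified

def strip_default_realm(principal, default_realm=DEFAULT_REALM):
    """Model of the reported behaviour: drop '@REALM' if it is the default realm."""
    user, sep, realm = principal.rpartition("@")
    if sep and realm == default_realm:
        return user
    return principal

# Matches the imapd login line format shown in the post.
LOGIN_RE = re.compile(
    r"imap\[\d+\]: login: (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"(?P<user>\S+) (?P<mech>\S+) User logged in"
)

def unqualified_gssapi_logins(log_text):
    """Return (ip, userid) for GSSAPI logins whose userid has no domain part."""
    # The message may be wrapped across lines, so collapse whitespace first.
    flat = " ".join(log_text.split())
    return [
        (m["ip"], m["user"])
        for m in LOGIN_RE.finditer(flat)
        if m["mech"].startswith("GSSAPI") and "@" not in m["user"]
    ]

# First entry is the log line from the post; the second is constructed.
SAMPLE_LOG = """\
mail.notice: Nov  1 23:34:53 imap[23997]: login:
  mail.example.com [192.168.1.20] lars GSSAPI User logged in
mail.notice: Nov  1 23:40:02 imap[24011]: login:
  mail.example.com [192.168.1.21] lars@example.com PLAIN User logged in
"""

if __name__ == "__main__":
    userid = strip_default_realm("lars@EXAMPLE.COM")
    print("mapped userid:", userid, "| mailbox exists:", userid in MAILBOXES)
    for ip, user in unqualified_gssapi_logins(SAMPLE_LOG):
        print("unqualified GSSAPI login:", user, "from", ip)
```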
