On 22/10/09 22:38 +0800, John Mok wrote: >Oct 22 15:35:02 imapsv01 cyrus/imap[19466]: badlogin: >John.sml.citizen.co.jp [10.144.1.192] GSSAPI [SASL(-13): authentication >failure: user komat...@go.citizen.co.jp is not allowed to proxy] > >I checked with imtest and it passed successfully :- > > >imtest -m GSSAPI imapsv01.grt.citizen.co.jp > >The IMAP config. /etc/imapd.conf follows :- > >.... >virtdomains: yes >defaultdomain: grt.citizen.co.jp >sasl_pwcheck_method: saslauthd
The "...not allowed to proxy" would seem to indicate that the client is sending an authorization identity, and that it does not match the authentication identity derived from GSSAPI. What does your 'loginrealms:' entry look like in imapd.conf? Are you specifying a(n authorization) username within the email client? If so, try including go.citizen.co.jp in your loginrealms config, and configuring 'komat...@go.citizen.co.jp' as your authorization identity in your client, or perhaps not specify it at all. -- Dan White ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
