From: Lars Kellogg-Stedman (no email)
Date: Tue Nov 01 2005 - 23:44:46 EST
Hello again,

I'm using virtual domains on our Cyrus IMAP server, which means that
the user "lars" is distinct from "". I've just
started setting up Kerberos (5) in this environment, and I've
discovered that the Cyrus IMAP server will strip the default realm
from a connecting principal before treating it as a username -- which
means that nobody can actually use Kerberos. If I'm authenticated as
"", Cyrus imapd will authenticate me as the user
"lars", and if I try to SELECT INBOX, for example, I get a "no such
mailbox".

If I connect *without* Kerberos and authenticate as ,
everything works just grand.

More details:

Given a Kerberos environment like this:

  $ klist
  Credentials cache: FILE:/tmp/krb5cc_20000
  Principal:

Connecting to the IMAP server like this:

  $ imtest mail.example.com
  [...elided...]
  C: A01 AUTHENTICATE GSSAPI ...
  [...elided...]
  S: A01 OK Success (privacy protection)
  Authenticated.
  Security strength factor: 56

The server says:

  mail.notice: Nov 1 23:34:53 imap[23997]: login:
  mail.example.com [192.168.1.20] lars GSSAPI User logged in
-- Lars
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
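
A log check for the symptom described in the post, added here as an example (not code from the post or from the Cyrus project): it scans imapd `login:` lines of the form shown above and reports GSSAPI logins whose userid carries no @domain part. It assumes a deployment in which every mailbox is domain-qualified; the function name and all sample lines except the first are constructed.

```python
import re

# Cyrus imapd login line, in the form shown in the post:
#   imap[PID]: login: HOST [IP] USER MECH User logged in
LOGIN_RE = re.compile(
    r"imaps?\[(?P<pid>\d+)\]:\s+login:\s+(?P<host>\S+)\s+\[(?P<ip>[^\]]+)\]\s+"
    r"(?P<user>\S+)\s+(?P<mech>\S+)\s+User logged in"
)


def unqualified_gssapi_logins(lines):
    """Return (userid, client_ip) for GSSAPI logins whose userid has no domain.

    Assumption: every mailbox on this server is domain-qualified, so a bare
    userid after a Kerberos login means the realm was dropped when the
    principal was mapped to a username.
    """
    hits = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m is None:
            continue  # not a successful-login record
        # The mechanism field may carry a suffix such as "+TLS".
        mech = m.group("mech").split("+", 1)[0].upper()
        if mech == "GSSAPI" and "@" not in m.group("user"):
            hits.append((m.group("user"), m.group("ip")))
    return hits


# First line is the record from the post (re-joined); the rest are constructed.
SAMPLE = [
    "mail.notice: Nov 1 23:34:53 imap[23997]: login: "
    "mail.example.com [192.168.1.20] lars GSSAPI User logged in",
    "mail.notice: Nov 1 23:35:10 imap[23998]: login: "
    "client.example.net [192.168.1.21] alice@example.net plaintext User logged in",
    "mail.notice: Nov 1 23:36:02 imap[23999]: login: "
    "client.example.net [192.168.1.22] bob@example.net GSSAPI User logged in",
    "mail.debug: Nov 1 23:36:40 imap[24000]: accepted connection",
]

if __name__ == "__main__":
    for user, ip in unqualified_gssapi_logins(SAMPLE):
        print(f"GSSAPI login mapped to bare userid {user!r} from {ip}")
```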