Re: Mapping users (either KerberosV or TLS certs)

• Previous message: Fabio Corazza: "Re: Migrating Cyrus-IMAP to another machine"
• In reply to: Phil Pennock: "Mapping users (either KerberosV or TLS certs)"
• Next in thread: Phil Pennock: "Re: Mapping users (either KerberosV or TLS certs)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 05 Jul 2006, at 20:02, Phil Pennock wrote:
> can anyone
> please explain how to configure Cyrus so that a KerberosV /admin
> principal can be treated as a Cyrus admin user? I've tried inserting
> various entries into sasldb to back this up, putting things into
> /etc/krb5.equiv as well as various values for "admins:" and I'm
> stumped.

I do this, and I'm pretty no changes to sasldb or krb5.equiv were
necessary. AFAIK, all we did was mention the IDs in imapd.conf.

        # administrative principals
        admins: imap/xxx.mail.umich.edu imap/yyy.mail.umich.edu imap/
mail.umich.edu imap/web.mail.umich.edu

        # front-end hosts
        proxyservers: imap/mail.umich.edu imap/web.mail.umich.edu

More or less.

> badlogin: domus.home.globnix.net [192.168.1.101] GSSAPI [SASL
> (-13): authentication failure: bad userid authenticated]

SASL errors like this typically have a corresponding error reported
to LOG_AUTH.

:wes

----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

• Previous message: Fabio Corazza: "Re: Migrating Cyrus-IMAP to another machine"
• In reply to: Phil Pennock: "Mapping users (either KerberosV or TLS certs)"
• Next in thread: Phil Pennock: "Re: Mapping users (either KerberosV or TLS certs)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]