From: Ben Poliakoff (no email)
Date: Fri Feb 09 2007 - 13:50:34 EST
* Jeff Blaine <> [20070209 10:42]:
> A little more info, in case anyone finds the time to help
> me out:
>
> I've tried everything I can imagine.
>
> saslauthd:
>
> saslauthd -a kerberos5 -d (with additional debug code by me!)
>
> Feb 9 13:22:20 noodle.foo.com saslauthd[27437]:
> auth_krb5: krb5_kt_read_service_key returned -1765328203
> - going to fini: in k5support_verify_tgt()
>
> I can find no information on that Kerberos error, but I
> most certainly have imap/noodle.foo.com in a readable
> /etc/krb5.keytab (and truss shows it being read fine).
>
> imapd.conf:
>
> sasl_pwcheck_method: saslauthd
>
I'm fairly certain that saslauthd is going to be looking for a *host*
principle in the keytab (i.e. host/noodle.foo.com). Do you have a host
principle in the same keytab file?
Of course saslauthd won't be involved at all if you're doing GSSAPI auth
with Thunderbird, saslauthd is only used for "plaintext" authentication.
Ben
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|