Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

From: Jeff Blaine (no email)
Date: Fri Feb 09 2007 - 13:26:30 EST

Next message: Farzad FARID: "Re: How to copy shared folders from one cyrus to another?"

Previous message: Ben Poliakoff: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Maybe in reply to: Jeff Blaine: "Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Next in thread: Ben Poliakoff: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Reply: Ben Poliakoff: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

A little more info, in case anyone finds the time to help
me out:

I've tried everything I can imagine.

saslauthd:

saslauthd -a kerberos5 -d (with additional debug code by me!)

         Feb 9 13:22:20 noodle.foo.com saslauthd[27437]:
         auth_krb5: krb5_kt_read_service_key returned -1765328203
         - going to fini: in k5support_verify_tgt()

     I can find no information on that Kerberos error, but I
     most certainly have imap/noodle.foo.com in a readable
     /etc/krb5.keytab (and truss shows it being read fine).

imapd.conf:

sasl_pwcheck_method: saslauthd

Jeff Blaine wrote:
> I have a healthy MIT Kerberos 1.5.2 realm and Cyrus IMAP 2.2.12
> server configured (SASL 2.1.22).
>
> I can't get Thunderbird (latest 1.5 official release) to perform
> GSSAPI authentication against the Cyrus IMAP server.
>
> I have valid Kerberos 5 credentials (for user jblaine) via Kerberos
> for Windows 3.1. I have restarted Thunderbird.
>
> Anyone know how to do this? This is supposed to work if I am
> not mistaken.
>
> Thunderbird states the server does not support secure authentication
> (which is BS).
>
> ====================================================================
>
> imtest authenticates (as jblaine) via GSSAPI fine!
>
> C: A01 AUTHENTICATE GSSAPI YIICBblahblahblah
> S: + YIGWBgkqhkblahblah
> ...
> S: A01 OK Success (privacy protection)
> Authenticated.
> Security strength factor: 56
>
> ...
>
> Feb 8 16:36:44 noodle.foo.com imap[26514]: [ID 529592 local6.notice]
> login: noodle.foo.com [192.168.168.100] jblaine GSSAPI User logged in
>
> ====================================================================
>
> /etc/imapd.conf reads as follows:
>
> configdirectory: /var/imap
> defaultpartition: default
> partition-default: /var/spool/imap
> imap_admins: root cyrus
> sieveusehomedir: false
> autocreatequota: 200000
> duplicate_db: skiplist
> allowplaintext: false
> force_sasl_mech: GSSAPI
> sasl_log_level: 4
>
>

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Next message: Farzad FARID: "Re: How to copy shared folders from one cyrus to another?"

Previous message: Ben Poliakoff: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Maybe in reply to: Jeff Blaine: "Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Next in thread: Ben Poliakoff: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Reply: Ben Poliakoff: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs