On Sun, Sep 20, 2015 at 6:00 PM, Stephen Ingram <sbing...@gmail.com> wrote:
> I'm trying to setup a kerberos connection to an mupdate server using > gssapi authentication. I'm creating a credentials cache using a keytab file > on the system for user imap/machine1.domain.com. In the old init.d-based > system, I specified the KRB5_KTNAME and KRB5CCNAME environment variables, > then when the cyrus-master program ran, the ticket was fetched and the > system was able to connect. However, with systemd, it appears as though the > server should maybe use a persistent keyring to store the credentials. Even > if I try to use a file, say inside /var/lib/imap to escape selinux, the > system still fails to authenticate. Does anyone have this setup working > that allows a cyrus client to connect to an mupdate server to fetch mailbox > information? > Looks like I got bit by Bug 3480 <https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480> again. I wrongly assumed this had been fixed by now, but I guess not, so RHEL 7 cyrus is still broken for those using sasl with GSSAPI. Steve
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
