A little more info, in case anyone finds the time to help
me out:
I've tried everything I can imagine.
saslauthd:
saslauthd -a kerberos5 -d (with additional debug code by me!)
Feb 9 13:22:20 noodle.foo.com saslauthd[27437]:
auth_krb5: krb5_kt_read_service_key returned -1765328203
- going to fini: in k5support_verify_tgt()
I can find no information on that Kerberos error, but I
most certainly have imap/noodle.foo.com in a readable
/etc/krb5.keytab (and truss shows it being read fine).
imapd.conf:
sasl_pwcheck_method: saslauthd
Jeff Blaine wrote:
I have a healthy MIT Kerberos 1.5.2 realm and Cyrus IMAP 2.2.12
server configured (SASL 2.1.22).
I can't get Thunderbird (latest 1.5 official release) to perform
GSSAPI authentication against the Cyrus IMAP server.
I have valid Kerberos 5 credentials (for user jblaine) via Kerberos
for Windows 3.1. I have restarted Thunderbird.
Anyone know how to do this? This is supposed to work if I am
not mistaken.
Thunderbird states the server does not support secure authentication
(which is BS).
====================================================================
imtest authenticates (as jblaine) via GSSAPI fine!
C: A01 AUTHENTICATE GSSAPI YIICBblahblahblah
S: + YIGWBgkqhkblahblah
...
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56
...
Feb 8 16:36:44 noodle.foo.com imap[26514]: [ID 529592 local6.notice]
login: noodle.foo.com [192.168.168.100] jblaine GSSAPI User logged in
====================================================================
/etc/imapd.conf reads as follows:
configdirectory: /var/imap
defaultpartition: default
partition-default: /var/spool/imap
imap_admins: root cyrus
sieveusehomedir: false
autocreatequota: 200000
duplicate_db: skiplist
allowplaintext: false
force_sasl_mech: GSSAPI
sasl_log_level: 4
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
