* Jeff Blaine <jblaine@xxxxxxxxxxxx> [20070209 10:42]: > A little more info, in case anyone finds the time to help > me out: > > I've tried everything I can imagine. > > saslauthd: > > saslauthd -a kerberos5 -d (with additional debug code by me!) > > Feb 9 13:22:20 noodle.foo.com saslauthd[27437]: > auth_krb5: krb5_kt_read_service_key returned -1765328203 > - going to fini: in k5support_verify_tgt() > > I can find no information on that Kerberos error, but I > most certainly have imap/noodle.foo.com in a readable > /etc/krb5.keytab (and truss shows it being read fine). > > imapd.conf: > > sasl_pwcheck_method: saslauthd > I'm fairly certain that saslauthd is going to be looking for a *host* principle in the keytab (i.e. host/noodle.foo.com). Do you have a host principle in the same keytab file? Of course saslauthd won't be involved at all if you're doing GSSAPI auth with Thunderbird, saslauthd is only used for "plaintext" authentication. Ben
Attachment:
signature.asc
Description: Digital signature
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
