On 06/13/12 12:57 -0700, Stephen Ingram wrote: >There seems to be quite a bit of information on the Website about >setting up a murder configuration. Most of the documentation, however, >seems to be centered on basic authentication. Is there a good resource >somewhere to using Kerberos to setup the communication between the >mupdate, frontend and backend servers for mupdate, imap and >replication processes? I see some configs in the distribution conf >directory from CMU setups, but they are only partially complete and >based on Kerberos 4. There are two differences that come to mind: When configuring authentication, you can simply leave the authname and password out of your configuration, such as: mupdate_server: mupdate.example.net # mupdate_port # mupdate_username: # mupdate_authname # mupdate_realm # mupdate_password # mupdate_retry_delay mupdate_config: standard The other issue is that where your systems are acting as clients (such as when a frontend server is connecting to an mupdate server), your client will need to initialize a kerberos ticket cache, and in my experience cannot use the kerberos credentials used to accept connections. Or in other words, your frontends might have an imap/mail.example.net service ticket for accepting client imap connections, but then may need a separate ticket, such as cyrus/mail.example.net, for backend/mupdate connections. I use cronjobs, running as the cyrus user, to initialize those crendential caches. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
