On Wed, 13 Jun 2012, Dan White wrote:

> From: Dan White <dwhite@xxxxxxx>
> To: Stephen Ingram <sbingram@xxxxxxxxx>
> Cc: info-cyrus <info-cyrus@xxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 13 Jun 2012 21:23:57
> Subject: Re: GSSAPI for various murder component setups

...

> The other issue is that where your systems are acting as clients
> (such as when a frontend server is connecting to an mupdate
> server), your client will need to initialize a kerberos ticket
> cache, and in my experience cannot use the kerberos credentials
> used to accept connections. Or in other words, your frontends
> might have an imap/mail.example.net service ticket for accepting
> client imap connections, but then may need a separate ticket, such
> as cyrus/mail.example.net, for backend/mupdate connections. I
> use cronjobs, running as the cyrus user, to initialize those
> credential caches.

I suspect some of Russ Allbery's software:

http://www.eyrie.org/~eagle/software/

might be useful for obtaining and renewing kerberos credentials. In
particular kstart:

http://www.eyrie.org/~eagle/software/kstart/
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@xxxxxxxxxx               Phone: +44 1225 386101
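
A monitoring check for the client-side credential cache discussed in this thread, as an added example that is not part of the original messages or of Cyrus or kstart: it parses `klist` output and reports when the cache holds the wrong principal (for instance the imap/ accepting principal instead of cyrus/) or when the TGT is missing or close to expiry. The cache path, the realm EXAMPLE.NET, the sample output and the function names are assumptions; the date layout assumed is the MM/DD/YY form printed by MIT `klist`.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of MIT `klist` output for the cyrus user's cache (not real data).
SAMPLE_KLIST = """\
Ticket cache: FILE:/var/run/cyrus/krb5cc_cyrus
Default principal: cyrus/mail.example.net@EXAMPLE.NET

Valid starting     Expires            Service principal
06/13/12 21:00:00  06/14/12 07:00:00  krbtgt/EXAMPLE.NET@EXAMPLE.NET
"""

STAMP = r"\d\d/\d\d/\d{2,4} \d\d:\d\d:\d\d"
TICKET_RE = re.compile(rf"^({STAMP})\s+({STAMP})\s+(\S+)\s*$")


def _parse_time(text):
    # Older MIT releases print a two-digit year, newer ones four digits.
    fmt = "%m/%d/%y %H:%M:%S" if len(text.split()[0]) == 8 else "%m/%d/%Y %H:%M:%S"
    return datetime.strptime(text, fmt)


def check_cache(klist_text, expected_principal, now, min_remaining=timedelta(hours=1)):
    """Return a list of problems; an empty list means the cache is usable."""
    m = re.search(r"^Default principal:\s*(\S+)", klist_text, re.M)
    if m is None:
        return ["no default principal found (empty or missing cache)"]
    problems = []
    if m.group(1) != expected_principal:
        # e.g. the cache was initialized with the principal used to accept connections
        problems.append(f"cache holds {m.group(1)}, expected {expected_principal}")
    tgt_expiry = None
    for line in klist_text.splitlines():
        t = TICKET_RE.match(line)
        if t and t.group(3).startswith("krbtgt/"):
            tgt_expiry = _parse_time(t.group(2))
    if tgt_expiry is None:
        problems.append("no krbtgt ticket in cache")
    elif tgt_expiry <= now:
        problems.append("TGT expired")
    elif tgt_expiry - now < min_remaining:
        problems.append("TGT expires soon")
    return problems
```

In use, the text would come from running `klist` as the cyrus user against the cache the cron job or kstart maintains, with `now` set to the current time.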