On Sun, Sep 20, 2015 at 6:00 PM, Stephen Ingram <sbingram@xxxxxxxxx> wrote:
I'm trying to setup a kerberos connection to an mupdate server using gssapi authentication. I'm creating a credentials cache using a keytab file on the system for user imap/machine1.domain.com. In the old init.d-based system, I specified the KRB5_KTNAME and KRB5CCNAME environment variables, then when the cyrus-master program ran, the ticket was fetched and the system was able to connect. However, with systemd, it appears as though the server should maybe use a persistent keyring to store the credentials. Even if I try to use a file, say inside /var/lib/imap to escape selinux, the system still fails to authenticate. Does anyone have this setup working that allows a cyrus client to connect to an mupdate server to fetch mailbox information?
Looks like I got bit by Bug 3480 again. I wrongly assumed this had been fixed by now, but I guess not, so RHEL 7 cyrus is still broken for those using sasl with GSSAPI.
Steve
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
