Hi, we're facing problem where dovecot 1.2rc5 is not able to authenticate user via gssapi. (I'm forwarding information from red hat's bugzilla)
Steps to reproduce: 1. Install dovecot with kerberos support, create mailboxes for the client 2. Get initial credentials on client side 3. Attempt to log in via dovecot using gssapi -> login failed Client side 1. Email client displays: "[AUTHENTICATIONFAILED] Authentication failed." 2. klist before login shows: Valid starting Expires Service principal 06/18/09 20:01:01 06/19/09 20:01:01 krbtgt/re...@realm 3. klist after login attempt shows: Valid starting Expires Service principal 06/18/09 20:01:01 06/19/09 20:01:01 krbtgt/re...@realm 06/18/09 20:01:28 06/19/09 20:01:01 imap/mail.dom...@realm Server side 1. /var/log/maillog: dovecot: auth(default): gssapi(user,192.168.0.1): authn_name not authorized dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<user>, method=GSSAPI, rip=192.168.0.1, lip=192.168.0.2, TLS ---------------- It is possible for the same user to login via other mechanisms. The issue reproduced with different email clients. Evolution and a custom java-based client were attempted. example of dovecot.conf: protocols = imap mail_location = maildir:/home/virtual/%u/Maildir protocol imap { } auth_krb5_keytab=/etc/dovecot.keytab auth default { mechanisms = gssapi userdb static { args = uid=vmail gid=vmail home=/home/virtual/%u } } ------------------------- Exactly the same dovecot setup was working just fine with dovecot 1.1 series. Authentication using kinit works just fine and kerberos infrastructure is functioning well as I use kerberos auth for other services like apache and ssh successfully. /var/log/maillog with using auth_debug=yes can be found here: https://bugzilla.redhat.com/attachment.cgi?id=348710 Regards, Michal Hlavinka