On Tue, 26 Sep 2006, David Severance wrote:
I was working getting 2006a running and ran into this compile time problem:
osdep.c: In function `checkpw':
osdep.c:116: error: syntax error before '-' token
Thank you. Somehow, the imap-2006a/src/osdep/unix/ckp_gss.c file was
damaged. The following patch fixes it, and will be in imap-2006b:
*** ckp_gss.c~ 2006-08-30 18:34:07.000000000 -0700
--- ckp_gss.c 2006-09-26 13:45:41.000000000 -0700
***************
*** 59,65 ****
* to have separate client principals for different services, but many
* other sites vehemently object...
*/
! !krb5_parse_name (ctx,kerb_cp_svr_name ? cltnam : pw->-pw_name,
&crd->client) &&
!krb5_parse_name (ctx,svrnam,&service) &&
!krb5_build_principal_ext (ctx,&crd->server,
--- 59,65 ----
* to have separate client principals for different services, but many
* other sites vehemently object...
*/
! !krb5_parse_name (ctx,kerb_cp_svr_name ? cltnam : pw->pw_name,
&crd->client) &&
!krb5_parse_name (ctx,svrnam,&service) &&
!krb5_build_principal_ext (ctx,&crd->server,
I'm looking to get to an install that can
hopefully use an already granted kerberos ticket (from the original ssh
login) and if there isn't one (because it's a remote imapd only connection)
use the pam process to auth itself. Of course, maybe I'm going about this the
wrong way too.
That isn't what PASSWDTYPE=gss does.
PASSWDTYPE=gss says that, when validating a plaintext password, use the
user's Kerberos password rather than the password from /etc/passwd (or
PAM).
On most modern systems, passwords are validated with PAM, and if you want
to use the Kerberos password instead of the /etc/passwd password, you
would generally do this in a PAM configuration rather than build imapd to
look up the Kerberos password manually.
As for what you want to do, it should suffice to build the server with
EXTRAAUTHENTICATORS=gss. This will enable the GSSAPI SASL authenticator,
and if the client has a Kerberos ticket it can then use GSSAPI SASL to
authenticate to the server. [Of course, this assumes that the client also
supports GSSAPI.]
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw