cyradm administration via krb5 admin instance

Thu, 07 Jun 2001 20:24:32 -0700 

Hi all,

Is it possible to use a krb5 style admin instance with cyradm?  It's
not working for me.

I've been testing a cyrus imapd installation using SASL GSSAPI
authentication.  Aside from the problem with the above, everything is
working quite nicely, it's really great software!

I'm guessing the problem is with the '/' character, i.e. 'benp/admin'.
It doesn't seem to be shell related, since I've tried a dozen different
quoting and escaping methods ('benp/admin', "benp/admin", benp\/admin,
etc...).

The man page for imapd.conf states:

    admins: <none>

    The list of userids with administrative rights. Separate each userid
    with a space. Sites using Kerberos authentication may use separate
    "admin" instances.

Currently the 'admins' line of my imapd.conf file looks like:

    admins: benpadmin 'benp/admin'

I've resorted to creating an additional "benpadmin" principle... (with
which I'm able to GSSAPI authenticate using cyradm).

The error logged by imapd when I attempt to use cyradm with benp/admin
is:

Jun  7 15:31:45 imogen imapd[4477]: badlogin: XXXX.reed.edu[XXXX.XXXX.XXXX.XXXX] 
GSSAPI authentication failure [bad userid authenticated]

cyradm fails with this error:

    /usr/local/bin/cyradm --user 'benp/admin' --auth GSSAPI XXXX.reed.edu
    cyradm: cannot authenticate to server with GSSAPI as benp/admin

    [ BTW I don't have any problems getting a kerberos *ticket* for the
    benp/admin instance ]

The server is an x86 Red Hat Linux 7.1 system and we're running
cyrus-imapd-2.0.12 and cyrus-sasl-1.5.24 both built from source.

I'm somewhat new to being a krb5 administrator (so the problem may not
be related to cyrus), but I haven't had any other problems with this
'benp/admin' instance.

Any thoughts?

Ben

-- 
---------------------------------------------------------------------------
Ben Poliakoff                                       email: <[EMAIL PROTECTED]>
Reed College                                          tel:  (503)-788-6674
Unix System Administrator      PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019

Reply via email to