Pardon if this has already been observed, but I haven't found mention of it. I have been using Kerberos successfully with Tiger's Mail.app talking to Cyrus imapd and sendmail on a Debian box, for quite some time. I just upgraded to Leopard. Both kerberized SSH and other IMAP/sendmail clients continue to work, including imtest and pine. However, when Mail.app attempts to authenticate to imapd or sendmail, I get this on the server side:
SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context I also observe the following weirdness: in both klist and the Kerberos app on OS X, the realm names on service tickets are not displayed, e.g.: Kerberos 5 ticket cache: 'API:Initial default ccache' Default principal: [EMAIL PROTECTED] Valid Starting Expires Service Principal 01/13/08 16:35:37 01/14/08 02:35:37 krbtgt/[EMAIL PROTECTED] renew until 01/20/08 16:35:37 >>> 01/13/08 16:36:15 01/14/08 02:35:37 imap/sequoia.oankali.net@ renew until 01/20/08 16:35:37 No idea if these are somehow related. I haven't done all the debugging I can (i.e. decoded the gssapi traffic to look for anomalies). I will. But first I wonder if anyone here has run into these problems? Thanks, -- Richard Silverman [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos