Re: unified murder and GSSAPI
On Tue, 17 Oct 2006, Huaqing Zheng wrote:

> From: Huaqing Zheng [EMAIL PROTECTED]
> To: info-cyrus@lists.andrew.cmu.edu
> Date: Tue, 17 Oct 2006 18:27:27 -0700
> Subject: unified murder and GSSAPI
>
> ...
>
> Yet when I switch over to the cyrus user, set my KRB5CCNAME to the
> correctly generated service/murder ticket and try to run
> ctl_mboxlist -mw, I get the following in my syslog:
>
> ctl_mboxlist[13748]: couldn't authenticate to backend server: generic failure
> ctl_mboxlist[13847]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
>
> Any ideas or pointers at better documentation on how to get this
> working?

The Server not found in Kerberos database error usually indicates that it's not asking for the service key you've set up. Your kerberos logs should tell you what service key it's requesting. You need to set up a keytab containing that key.

(No, I haven't set something like this up. But the logs on the kerberos server are often useful in diagnosing obscure failures.)

--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
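The log check suggested in the reply above, as an added example that is not part of the original thread: it pulls the client and the requested service principal out of KDC log lines carrying this error, then lists the requested services missing from a keytab. The log lines are constructed in the MIT krb5kdc style (an assumed format), and the hosts, realm, svc-a/svc-b principals and function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the style of MIT krb5kdc log lines (assumed format);
# the hosts, addresses, realm and svc-a/svc-b principals are made up.
SAMPLE_KDC_LOG = """\
Oct 17 18:27:20 kdc1 krb5kdc[411](info): AS_REQ (3 etypes {18 17 16}) 192.0.2.21: ISSUE: authtime 1161134840, etypes {rep=18 tkt=18 ses=18}, service/murder@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Oct 17 18:27:27 kdc1 krb5kdc[411](info): TGS_REQ (3 etypes {18 17 16}) 192.0.2.21: UNKNOWN_SERVER: authtime 1161134840,  service/murder@EXAMPLE.ORG for svc-a/host1.example.org@EXAMPLE.ORG, Server not found in Kerberos database
Oct 17 18:27:29 kdc1 krb5kdc[411](info): TGS_REQ (3 etypes {18 17 16}) 192.0.2.21: UNKNOWN_SERVER: authtime 1161134840,  service/murder@EXAMPLE.ORG for svc-a/host1.example.org@EXAMPLE.ORG, Server not found in Kerberos database
Oct 17 18:28:02 kdc1 krb5kdc[411](info): TGS_REQ (3 etypes {18 17 16}) 192.0.2.22: ISSUE: authtime 1161134840, etypes {rep=18 tkt=18 ses=18}, service/murder@EXAMPLE.ORG for svc-b/host2.example.org@EXAMPLE.ORG
"""

# A rejected ticket request: "<client> for <service>, Server not found ..."
UNKNOWN_SERVER = re.compile(
    r"TGS_REQ \(.*?\) (?P<addr>\S+): UNKNOWN_SERVER: authtime \d+,\s+"
    r"(?P<client>\S+) for (?P<service>[^\s,]+),\s*"
    r"Server not found in Kerberos database"
)


def unknown_service_requests(log_text):
    """Count (client, requested service, client address) per rejected TGS request."""
    hits = Counter()
    for line in log_text.splitlines():
        m = UNKNOWN_SERVER.search(line)
        if m:
            hits[(m["client"], m["service"], m["addr"])] += 1
    return hits


def not_in_keytab(hits, keytab_principals):
    """Requested services absent from a keytab listing (e.g. taken from `klist -k`)."""
    known = set(keytab_principals)
    return sorted({svc for (_client, svc, _addr) in hits if svc not in known})


if __name__ == "__main__":
    hits = unknown_service_requests(SAMPLE_KDC_LOG)
    for (client, service, addr), count in hits.most_common():
        print(f"{count}x {client} at {addr} asked for {service}")
    # Hypothetical keytab holding only the shared principal from the thread.
    print("not in keytab:", not_in_keytab(hits, {"service/murder@EXAMPLE.ORG"}))
```
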
unified murder and GSSAPI
Has anyone gotten a unified Murder and GSSAPI configuration working? The documentation is lacking, to say the least.

This is what I'm trying to do:

    1 master mupdate server
    8 unified frontend/backend servers

I want all the servers to authenticate with each other via K5 GSSAPI. Ideally, I would like them to use a shared K5 keytab with the principal name service/murder to communicate with each other.

On the mupdate server, in the cyrus.conf file, I have:

    authcmd=/usr/bin/k5start -H 60 -l 10h -f /etc/keytab.murder -k /var/tmp/murder.k5.tgt service/murder
    mupdate cmd=mupdate -m listen=3905 prefork=1

(k5start is similar to ksrvtgt.)

In imapd.conf, I have

    admins: service/murder

On the initial testing backend server, I have the following in imapd.conf:

    mupdate_server: mupdate master
    mupdate_config: unified
    mupdate_port: 3905
    force_sasl_client_mech: GSSAPI

Yet when I switch over to the cyrus user, set my KRB5CCNAME to the correctly generated service/murder ticket and try to run ctl_mboxlist -mw, I get the following in my syslog:

    ctl_mboxlist[13748]: couldn't authenticate to backend server: generic failure
    ctl_mboxlist[13847]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)

Any ideas or pointers at better documentation on how to get this working?

--
Huaqing Zheng
Beer and Code Wrangler at Large