Mark, I did the build it correctly and verified that fact in the manner you suggested. My machine is correctly setup for Kerberos as evidenced by the fact I can login and list my ticket with klist. However, the missing part would seem to be the last item you mentioned:
> Have you defined keytab entries on the KDC for the "imap/imap.uci.edu" > principal? IMAP uses the "imap" principal, not the "host" principal. I was not aware of this and am not much of a Kerberos person but when I mentioned it to a colleague he knew what I/you were talking about. I had the "Kerberos powers that be" generate an /etc/krb5.keytab file and installed it. I now get the expected response: * OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS AUTH=GSSAPI] localhost.localdomain IMAP4rev1 2006b.373 at Fri, 29 Sep 2006 13:28:26 -0700 (PDT) thanks for the help, hope this helps someone else out in the future. David Mark Crispin wrote: > On Wed, 27 Sep 2006, David Severance wrote: >> I went ahead, applied the patch and followed your guidance regarding >> EXTRAAUTHENTICATORS=gss and built a binary using "make lrh > ^^^^^^^^^^^^^^^^^^^ >> EXTRAAUTHENICATORS=gss". The problem is that I see no evidence of a >> kerberos > ^^^^^^^^^^^^^^^^^^ >> auth capability when I query the imap daemon. > > Did you spell it correctly in the build? > > Take a look at imap-2006a/c-client/linkage.c. Do you see a line which > reads: > auth_link (&auth_gss); /* link in the gss authenticator */ > > > If you don't, then you didn't build it correctly. > > Even if you build it correctly, GSSAPI will be disabled (and > AUTH=GSSAPI will not show up in the CAPABILITY list) if you don't have > Kerberos service configured on the server system: > > Do you have /etc/krb5.conf and /etc/krb5.keytab files properly set up > on imap.uci.edu? > > Have you defined keytab entries on the KDC for the "imap/imap.uci.edu" > principal? IMAP uses the "imap" principal, not the "host" principal. > > -- Mark -- > > http://panda.com/mrc > Democracy is two wolves and a sheep deciding what to eat for lunch. > Liberty is a well-armed sheep contesting the vote. -- David Severance Network and Academic Computing Services (949) 824-7552 [EMAIL PROTECTED] _______________________________________________ Imap-uw mailing list [email protected] https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
