[Dovecot] Dovecot 1.1.12 ignores auth_krb5_keytab settings
Hello, i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the logs:
dovecot: Aug 02 18:56:54 Error: auth(default): gssapi(?,130.149.58.145): While processing incoming data: Miscellaneous failure (see text) dovecot: Aug 02 18:56:54 Error: auth(default): gssapi(?,130.149.58.145): While processing incoming data: /etc/krb5.keytab: No such file or directory dovecot: Aug 02 18:56:59 Info: imap-login: Aborted login (auth failed, 1 attempts): method=GSSAPI, rip=130.149.58.145, lip=130.149.58.162, TLS
It is the same errror i got with dovecot 1.0.13.
MfG Christoph
Below my config:
# 1.1.2: /usr/local/etc/dovecot.conf log_path: /var/log/dovecot.log protocols: imaps managesieve listen: mail2.physik-pool.tu-berlin.de ssl_cert_file: /etc/CERT ssl_key_file: /etc/KEY login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login verbose_proctitle: yes first_valid_uid: 200 mail_privileged_group: mail mail_location: maildir:~/maildir:INDEX=/var/dovecot/%1n/%n mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(managesieve): sieve_storage(default): sieve_storage(imap): sieve_storage(managesieve): ~/sieve sieve(default): sieve(imap): sieve(managesieve): ~/.dovecot.sieve namespace: type: private separator: / inbox: yes list: yes subscriptions: yes namespace: type: private separator: / prefix: mail/ location: mbox:~/mail list: yes subscriptions: yes auth default: mechanisms: gssapi plain login krb5_keytab: /etc/mail2.krb5.keytab worker_max_count: 120 passdb: driver: pam userdb: driver: passwd args: [blocking=yes]
On Aug 2, 2008, at 1:12 PM, christop wrote:
i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the
logs:
What this setting does is that it adds KRB5_KTNAME environment that
the Kerberos library should pick up. Are you using MIT or Heimdal
Kerberos? If Heimdal:
krb5_keytab: /etc/mail2.krb5.keytab
A quick google lookup showed an example with FILE: prefix. Try:
krb5_keytab = FILE:/etc/mail2.krb5.keytab
Timo Sirainen schrieb:
On Aug 2, 2008, at 1:12 PM, christop wrote:
i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the logs:
What this setting does is that it adds KRB5_KTNAME environment that the Kerberos library should pick up. Are you using MIT or Heimdal Kerberos?
It is Heimdal 0.6.3 out of the FreeBSD Basesystem.
If Heimdal:
krb5_keytab: /etc/mail2.krb5.keytab A quick google lookup showed an example with FILE: prefix. Try:
krb5_keytab = FILE:/etc/mail2.krb5.keytab
I tried this, but it did not help.
Atleast it should be possible with the Kerberos libs, because we doing this for a different service with cyrus-sasl-2.1.22. There is a textfile in /usr/local/lib/sasl2 which reads:
keytab: /etc/unp.krb5.keytab pwcheck_method: saslauthd mech_list: gssapi
MfG Christoph
On Aug 4, 2008, at 4:50 PM, christop wrote:
Timo Sirainen schrieb:
On Aug 2, 2008, at 1:12 PM, christop wrote:
i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the
logs:What this setting does is that it adds KRB5_KTNAME environment that
the Kerberos library should pick up. Are you using MIT or Heimdal
Kerberos?It is Heimdal 0.6.3 out of the FreeBSD Basesystem.
See if this helps: http://hg.dovecot.org/dovecot-1.1/rev/818a638fa9a3
You'll need to run autogen.sh and configure again after that.
Timo Sirainen schrieb:
On Aug 4, 2008, at 4:50 PM, christop wrote:
Timo Sirainen schrieb:
On Aug 2, 2008, at 1:12 PM, christop wrote:
i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the logs:
What this setting does is that it adds KRB5_KTNAME environment that the Kerberos library should pick up. Are you using MIT or Heimdal Kerberos?
It is Heimdal 0.6.3 out of the FreeBSD Basesystem.
See if this helps: http://hg.dovecot.org/dovecot-1.1/rev/818a638fa9a3
You'll need to run autogen.sh and configure again after that.
Dovecot 1.1.13 works for me, thank you very much.
MfG Christoph
participants (2)
-
christop
-
Timo Sirainen