Hi all.
I have a troube with GSSAPI (Dovecot 2.0.7) auth:
auth: Debug: client in: AUTH 1 GSSAPI service=imap
lip=192.168.1.56 rip=192.168.1.2 lport=143 $
auth: Debug: gssapi(?,192.168.1.2): Obtaining credentials for imap@
auth: Info: gssapi(?,192.168.1.2): While acquiring service credentials: An
invalid name was supplied
auth: Info: gssapi(?,192.168.1.2): While acquiring service credentials: Unknown
code krb5 216
Kerberos key imap/hostname at REALM installed, dovecot.conf:
auth_debug = yes
auth_krb5_keytab = /etc/krb5.keytab
auth_mechanisms = gssapi
disable_plaintext_auth = no
first_valid_uid = 1
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_gid = 89
mail_location = maildir:/var/spool/mail/%n
mail_privileged_group = mail
mail_uid = 89
service imap-login {
inet_listener imap {
address = *
port = 143
}
}
ssl = no
userdb {
driver = static
}
Any ideas?
On Mon, 2010-11-22 at 15:33 +0300, asd dsa wrote:> > auth: Debug: gssapi(?,192.168.1.2): Obtaining credentials for imap@ > auth: Info: gssapi(?,192.168.1.2): While acquiring service > credentials: An invalid name was suppliedMaybe you need to set auth_gssapi_hostname?
>Maybe you need to set auth_gssapi_hostname?I added auth_gssapi_hostname = servertd.td.pmz.com.ua (its the KDC) to dovecot.conf and generated again service principals: slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 14 imap/melchior.td.pmz.com.ua at TD.PMZ.COM.UA 2 13 host/melchior.td.pmz.com.ua at TD.PMZ.COM.UA 3 1 imap/melchior.td.pmz.com.ua at TD.PMZ.COM.UA 4 1 host/melchior.td.pmz.com.ua at TD.PMZ.COM.UA Then i got: auth: Debug: gssapi(?,192.168.1.50): Obtaining credentials for imap at servertd.td.pmz.com.ua auth: Info: gssapi(?,192.168.1.50): While acquiring service credentials: Unspecified GSS failure. Minor code may provide more$ auth: Info: gssapi(?,192.168.1.50): While acquiring service credentials: No principal in keytab matches desired name Something wrong with service principals, but what?