[29018] in Kerberos
OS X Leopard / Mail.app / Kerberos woes
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Sun Jan 13 16:45:16 2008
From: "Richard E. Silverman" <res@qoxp.net>
Date: Sun, 13 Jan 2008 16:43:22 -0500
Message-ID: <m2hchhpfk5.fsf@darwin.oankali.net>
MIME-Version: 1.0
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Pardon if this has already been observed, but I haven't found mention of
it. I have been using Kerberos successfully with Tiger's Mail.app talking
to Cyrus imapd and sendmail on a Debian box, for quite some time. I just
upgraded to Leopard. Both kerberized SSH and other IMAP/sendmail clients
continue to work, including imtest and pine. However, when Mail.app
attempts to authenticate to imapd or sendmail, I get this on the server
side:
SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
I also observe the following weirdness: in both klist and the Kerberos app
on OS X, the realm names on service tickets are not displayed, e.g.:
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: res@OANKALI.NET
Valid Starting Expires Service Principal
01/13/08 16:35:37 01/14/08 02:35:37 krbtgt/OANKALI.NET@OANKALI.NET
renew until 01/20/08 16:35:37
>>> 01/13/08 16:36:15 01/14/08 02:35:37 imap/sequoia.oankali.net@
renew until 01/20/08 16:35:37
No idea if these are somehow related. I haven't done all the debugging I
can (i.e. decoded the gssapi traffic to look for anomalies). I will. But
first I wonder if anyone here has run into these problems?
Thanks,
--
Richard Silverman
res@qoxp.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
