[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cyrus-sasl
Subject:    Re: Help needed with Cyrus, Sasl, Kerberos5
From:       Dan White <dwhite () olp ! net>
Date:       2008-08-14 13:32:11
Message-ID: 48A433DB.5050507 () olp ! net
[Download RAW message or body]

Michael Guyver wrote:
> 2008/8/13 Dan White <dwhite@olp.net>:
>   
>> Typically you would not specify a user (-a) in your GSSAPI connection.
>> Specifying a -u is asking the server to do proxy authorization, requiring
>> the identity in the ticket to exist in proxy_admins I believe, unless you're
>> providing the same identity in your -u as exists in your ticket.
>>     
>
> Ah, I see. I didn't realise it was trying to do proxy-authentication,
> I thought that different -u and -a values would produce that effect.
> I'll have another go trying it without either -u or -a. Any chance you
> could elaborate on your "proxy_admins" comment, though?
>   

I should have said 'proxyservers', which is a configuration item within 
imapd.conf. It allows you to configure users who are allowed to proxy 
auth (-u) as any other identity.

- Dan
[prev in list] [next in list] [prev in thread] [next in thread]