Re: Kerberos support for Cyrus: I need help
2002-09-22, v keltezéssel Henrique de Moraes Holschuh ezt írta:
> I have been asked to add kerberos support to Cyrus IMAPd. So far so
good.
> Part of it is already there anyway, as long as Kerberos modules for
SASL2
> are installed in the system.
>
> Now, I have to choose wether to use Heimdal or MIT Kerberos 5.
PLEASE, dont compile it with kerberos support. We have symbols
problem with mit krb5,krb4 vs. heimdal kth-krb4. If you compile it
with any libs it can break the other with sasl2 plugin.
> And not
> being familiar with Kerberos, I don't know what to make of Kerberos 4
> either.
cyrus imapd use sasl/sasl2 for authc/authz.
cyrus imapd dont use krb5 directly, only Kerberos 4 for authorization,
but I think it is not very useful and you should choose between unix
and krb4 for authz at compile time. So if you choose krb4 authz then
you break the unix group based authz.
cyrus pop3d can use krb5 directly, so it can act as a krb5 based kpop3d.
> Is there anyone around who would like to help with these questions,
and with
> configure.in support to link the proper objects? Upstream supports
MIT and
> Heimdal, but their stuff won't work with Debian heimdall
out-of-the-box, for
> example (due to libdes).
I can compile cyrus21/sasl/sasl2 with heimdal and kth-krb4 support, but
as I wrote PLEASE dont do it.
balsa
Reply to: