[Evolution] Evolution, IMAP, GSSAPI and kerberos
J. Siepkes
JSiepkes@planet.nl
Mon, 02 Aug 2004 23:15:51 +0200
This is a multi-part message in MIME format.
--Boundary_(ID_DtntMo5rgwA+C9iFEdOQ+g)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Hello,
I've got a a small problem with IMAP/Kerberos and GSSAPI/Evolution. I want
to authenticate against a Kerberos KDC. The problem is that evolution uses
the wrong principal name.
Log snip:
-----8<---------------------------------------------------------------------
--------------------------
Aug 02 23:04:55 judicator.lan krb5kdc[2086](info): TGS_REQ (6 etypes {16 5
23 3 2 1}) 192.168.1.70: UNKNOWN_SERVER: authtime 1091478408,
ktf@JUDICATOR.LAN for imap/judicator.lan@JUDICATOR.LAN, Server not found in
Kerberos database
-----8<---------------------------------------------------------------------
--------------------------
Other clients work just fine with Kerberos authentication (like Eudora on
windows). The principal name it should use is imap/judicator@JUDICATOR.LAN.
This is my krb5.conf on the evolution and Eudora client:
-----8<---------------------------------------------------------------------
--------------------------
[libdefaults]
ticket_lifetime = 24000
default_realm = JUDICATOR.LAN
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
JUDICATOR.LAN = {
kdc = kerberos.judicator.lan:88
admin_server = kerberos.judicator.lan:749
default_domain = judicator.lan
}
[domain_realm]
.judicator.lan = JUDICATOR.LAN
judicator.lan = JUDICATOR.LAN
-----8<---------------------------------------------------------------------
--------------------------
Does anyone why evolution picks the wrong principal name?
Thanks in advance,
Jasper Siepkes
--Boundary_(ID_DtntMo5rgwA+C9iFEdOQ+g)
Content-type: text/html; charset=us-ascii
Content-transfer-encoding: 7BIT
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.E-mailStijl17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hello,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>I’ve got a a small problem with IMAP/Kerberos
and GSSAPI/Evolution. I want to authenticate against a Kerberos KDC. The
problem is that evolution uses the wrong principal name.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Log snip:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>-----8<-----------------------------------------------------------------------------------------------<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Aug 02 23:04:55 judicator.lan krb5kdc[2086](info):
TGS_REQ (6 etypes {16 5 23 3 2 1}) 192.168.1.70: UNKNOWN_SERVER: authtime
1091478408, ktf@JUDICATOR.LAN for imap/judicator.lan@JUDICATOR.LAN, Server not
found in Kerberos database<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>-----8<-----------------------------------------------------------------------------------------------<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Other clients work just fine with Kerberos authentication
(like Eudora on windows). The principal name it should use is <a
href="mailto:imap/judicator@JUDICATOR.LAN">imap/judicator@JUDICATOR.LAN</a>.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>This is my krb5.conf on the evolution and Eudora client:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>-----8<-----------------------------------------------------------------------------------------------<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>[libdefaults]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> ticket_lifetime = 24000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> default_realm = JUDICATOR.LAN<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> default_tkt_enctypes = des3-hmac-sha1
des-cbc-crc<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> default_tgs_enctypes = des3-hmac-sha1
des-cbc-crc<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>[realms]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> JUDICATOR.LAN = {<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> kdc = kerberos.judicator.lan:88<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> </span></font><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>admin_server =
kerberos.judicator.lan:749<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>default_domain =
judicator.lan<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> }<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>[domain_realm]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> .judicator.lan = JUDICATOR.LAN<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> judicator.lan = JUDICATOR.LAN<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>-----8<-----------------------------------------------------------------------------------------------<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Does anyone why evolution picks the wrong principal
name?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Thanks in advance,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jasper Siepkes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
--Boundary_(ID_DtntMo5rgwA+C9iFEdOQ+g)--