Hey,
Has anyone gotten cosign working Cyrus IMAP through IMP?
I have gotten IMAP to work with Kerberos tickets locally and
it all seems fine. When I use cosign and mod_apache on an apache 2 server I get
the ticket successfully, but because of the address in the ticket, my KDC is
refusing to issue the imap service ticket for it.
To get around this (at least temporarily - to test the
IMP/imap GSSAPI) I did a kinit on the CC which mod_cosign created for me, then
attempted again. It fails then with an error that I am not allowed to proxy
(and a klist on the CC reveals a nice imap service ticket). So I added myself
to the proxyservers config in imapd.conf, and then it worked. But this isn't
good... it appears something (IMP) is authenticating as me and then
attempting to proxy as the user apache (which the web server is running as).
Any ideas on the both of there???
Thanks
Brett
