Description of problem: cyrus-sasl provides the run-time option "sasl_keytab" for kerberos authentication, if the kerberos libraries have a certain api function. This function is present in the libraries, but not correctly detected by cyrus-sasl's configure, making the libraries ignore the option. As this option is the only option to supply multiple applications their own keytab, this is quiet relevant, as the only alternative is to give the default keytab world read permissons (which would be a major security hole) Version-Release number of selected component (if applicable): cyrus-sasl-2.1.21-10 (but also 2.1.20-5 (fc4) and 2.1.22-3 (rawhide)) How reproducible: Steps to Reproduce: 1. configure a cyrus-imap server, with "sasl_keytab: /etc/cyrus.keytab" in /etc/imapd.conf 2. put the imap/host@DOMAIN key into /etc/cyrus.keytab, but not into /etc/krb5.keytab 3. try to use kerbereos with the server. The configured location is ignored. Actual results: wrong keytab is used. Expected results: configured keytab to be used. Additional info: A patch for the fc5 release of the package is appended.
Created attachment 133396 [details] Patch for cyrus-sasl-2.1.21-10
Rolling this into 2.1.22-6. Thanks!
Should we clone this for RHEL5 or is it fixed there as well?
Hmm, definitely not fixed in RHEL 5 (yet). I'll clone it later this week (along with the fix for bug #229640) if you don't get to it first. Thanks!