Red Hat Bugzilla – Bug 200892
cyrus-sasl built without support for sasl_keytab
Last modified: 2007-11-30 17:11:39 EST
Description of problem:
cyrus-sasl provides the run-time option "sasl_keytab" for kerberos
authentication, if the kerberos libraries have a certain api
function. This function is present in the libraries, but not correctly
detected by cyrus-sasl's configure, making the libraries ignore the option.
As this option is the only option to supply multiple applications their
own keytab, this is quiet relevant, as the only alternative is to give
the default keytab world read permissons (which would be a major security
Version-Release number of selected component (if applicable):
(but also 2.1.20-5 (fc4) and 2.1.22-3 (rawhide))
Steps to Reproduce:
1. configure a cyrus-imap server, with "sasl_keytab: /etc/cyrus.keytab"
2. put the imap/host@DOMAIN key into /etc/cyrus.keytab, but not into
3. try to use kerbereos with the server. The configured location is ignored.
wrong keytab is used.
configured keytab to be used.
A patch for the fc5 release of the package is appended.
Created attachment 133396 [details]
Patch for cyrus-sasl-2.1.21-10
Rolling this into 2.1.22-6. Thanks!
Should we clone this for RHEL5 or is it fixed there as well?
Hmm, definitely not fixed in RHEL 5 (yet). I'll clone it later this week (along
with the fix for bug #229640) if you don't get to it first. Thanks!