+++ This bug was initially created as a clone of Bug #200892 +++
Description of problem:
cyrus-sasl provides the run-time option "sasl_keytab" for kerberos
authentication, if the kerberos libraries have a certain api
function. This function is present in the libraries, but not correctly
detected by cyrus-sasl's configure, making the libraries ignore the option.
As this option is the only option to supply multiple applications their
own keytab, this is quiet relevant, as the only alternative is to give
the default keytab world read permissons (which would be a major security
Version-Release number of selected component (if applicable):
(but also 2.1.20-5 (fc4) and 2.1.22-3 (rawhide))
Steps to Reproduce:
1. configure a cyrus-imap server, with "sasl_keytab: /etc/cyrus.keytab"
2. put the imap/host@DOMAIN key into /etc/cyrus.keytab, but not into
3. try to use kerbereos with the server. The configured location is ignored.
wrong keytab is used.
configured keytab to be used.
A patch for the fc5 release of the package is appended.
-- Additional comment from email@example.com on 2006-08-01
09:15 EST --
Created an attachment (id=133396)
Patch for cyrus-sasl-2.1.21-10
-- Additional comment from firstname.lastname@example.org on 2007-02-26 17:26 EST --
Rolling this into 2.1.22-6. Thanks!
-- Additional comment from email@example.com on 2007-02-26 19:40 EST --
Should we clone this for RHEL5 or is it fixed there as well?
-- Additional comment from firstname.lastname@example.org on 2007-02-26 19:43 EST --
Hmm, definitely not fixed in RHEL 5 (yet). I'll clone it later this week (along
with the fix for bug #229640) if you don't get to it first. Thanks!
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release. Since this
bugzilla is in a component that is not approved for the current
release, it has been closed with resolution deferred. You may
reopen this bugzilla for consideration in the next release.
Huh? cyrus-sasl is part of RHEL5. Nalin can you please reopen this?