+++ This bug was initially created as a clone of Bug #200892 +++

Description of problem:

cyrus-sasl provides the run-time option "sasl_keytab" for kerberos
authentication, if the kerberos libraries have a certain api 
function. This function is present in the libraries, but not correctly
detected by cyrus-sasl's configure, making the libraries ignore the option.
As this option is the only option to supply multiple applications their
own keytab, this is quiet relevant, as the only alternative is to give
the default keytab world read permissons (which would be a major security
hole)

Version-Release number of selected component (if applicable):

cyrus-sasl-2.1.21-10
(but also 2.1.20-5 (fc4) and 2.1.22-3 (rawhide))

Steps to Reproduce:
1. configure a cyrus-imap server, with "sasl_keytab: /etc/cyrus.keytab"
in /etc/imapd.conf
2. put the imap/host@DOMAIN key into /etc/cyrus.keytab, but not into
/etc/krb5.keytab
3. try to use kerbereos with the server. The configured location is ignored.
  
Actual results:

wrong keytab is used.

Expected results:

configured keytab to be used.

Additional info:

A patch for the fc5 release of the package is appended.

-- Additional comment from strecken.uni-passau.de on 2006-08-01
09:15 EST --
Created an attachment (id=133396)
Patch for cyrus-sasl-2.1.21-10


-- Additional comment from nalin on 2007-02-26 17:26 EST --
Rolling this into 2.1.22-6. Thanks!

-- Additional comment from k.georgiou.uk on 2007-02-26 19:40 EST --
Should we clone this for RHEL5 or is it fixed there as well?

-- Additional comment from nalin on 2007-02-26 19:43 EST --
Hmm, definitely not fixed in RHEL 5 (yet).  I'll clone it later this week (along
with the fix for bug #229640) if you don't get to it first.  Thanks!