[OpenAFS] UW IMAP + AFS + Kerberos 5
Ken Hornstein
kenh@cmf.nrl.navy.mil
Wed, 19 Nov 2008 14:35:33 -0500
>The basic Kerberos/IMAP setup seems to work...as I can authenticate,
>and read mail. But IMAP cannot write to the user's AFS based Sent
>folder. Nor can the user access any of their other AFS based mail
>folders via IMAP.
My question to you is ... "how did this work before?"
Authentication to a server (such as an IMAP server) doesn't mean that server
gets the necessary Kerberos bits to do things like access AFS on behalf of
that user; it just means it's proved that user's identity via Kerberos. To
actually provide access to AFS on a server, you need to forward over a copy
of a user's TGT, and I don't think (a) any Kerberized IMAP clients will do
that and (b) I don't think any IMAP servers would know what to do with
a TGT in that case.
(I am presuming that when you say "Kerberos 5", you are NOT referring to
"validating a plaintext password via a Kerberos 5 database"; if that's
what you mean, then I think Doug's suggestions will point you on the right
track).
--Ken
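
The difference between authenticating to a service and delegating a TGT to it can be seen in the ticket flags. The following is an added example, not part of the original message: it assumes MIT Kerberos `klist -f` output, and the function name `tgt_state` and the sample caches are constructed for illustration.

```shell
# Added example. Assumes MIT Kerberos `klist -f` output, where the flag
# letters include F = forwardable and f = forwarded.

# Reads `klist -f` text on stdin and prints one word about the TGT:
#   none             no krbtgt entry in the cache
#   forwarded        TGT arrived by delegation from another host
#   forwardable      TGT was obtained locally and may be forwarded
#   not-forwardable  TGT cannot be forwarded
tgt_state() {
    awk '
        # First ticket line whose service principal is krbtgt/REALM.
        $NF ~ /^krbtgt\// && !seen { in_tgt = 1; seen = 1; next }
        # Its flags follow on a continuation line ("... Flags: FIA").
        in_tgt && /Flags:/ { sub(/.*Flags: */, ""); flags = $0; in_tgt = 0; next }
        # Any other ticket or header line ends the TGT entry.
        NF >= 5 { in_tgt = 0 }
        END {
            if (!seen)                  print "none"
            else if (index(flags, "f")) print "forwarded"
            else if (index(flags, "F")) print "forwardable"
            else                        print "not-forwardable"
        }'
}

# Constructed sample: client cache after a forwardable TGT was requested.
SAMPLE_CLIENT='Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
11/19/2008 09:00:00  11/19/2008 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	Flags: FIA
11/19/2008 09:05:00  11/19/2008 19:00:00  imap/mail.example.com@EXAMPLE.COM
	Flags: FA'

# Constructed sample: server-side cache holding a delegated TGT.
SAMPLE_DELEGATED='Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
11/19/2008 09:05:00  11/19/2008 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	Flags: FfA'

# Constructed sample: only a service ticket, no TGT to obtain AFS tokens with.
SAMPLE_AUTH_ONLY='Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
11/19/2008 09:05:00  11/19/2008 19:00:00  imap/mail.example.com@EXAMPLE.COM
	Flags: FA'
printf '%s\n' "$SAMPLE_CLIENT" | tgt_state
```

On a live host, pipe `klist -f` for the credential cache in question into `tgt_state`.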