Thunderbird issues, KfW, Windows domain + separate KDC
Jeff Blaine
jblaine at kickflop.net
Mon Aug 6 10:10:51 EDT 2007
Hi all,

I've already addressed this with some of the Thunderbird
developers and was directed here as it is believed it's
a configuration problem, not a Thunderbird problem.

ERROR: Server does not support secure authentication (rephrased
error message from Thunderbird dialog).

More details on above error found via debugging settings:

    10800[20cf170]: gss_init_sec_context() failed:
    Unspecified GSS failure. Minor code may provide
    more information
    Server not found in Kerberos database
    10800[20cf170]: leaving nsAuthGSSAPI::GetNextToken
    [rv=80004005]

And finally note that the KDC I would like to authenticate to
(ourkdc.company.org) never logs a single thing related to this
Thunderbird auth attempt.

Client Environment
==================

1. Thunderbird 1.5.0.12
       network.auth.use-sspi = false

2. Kerberos for Windows 3.2

3. C:\WINDOWS\krb5.ini contains:

       [libdefaults]
           default_realm = MYREALM.COMPANY.ORG

       [domain_realm]
           .company.org = MYREALM.COMPANY.ORG
           company.org = MYREALM.COMPANY.ORG

       [realms]
           MYREALM.COMPANY.ORG = {
               kdc = ourkdc.company.org
               admin_server = ourkdc.company.org
           }

5. Credentials for jblaine at MYREALM.COMPANY.ORG are obtained
   just fine.

6. This client is ALSO part of a Windows domain that I have
   no control over. That Windows domain (kerberos-wise) is
   "COMPANY.ORG" and when Kerberos for Windows starts the
   credentials for jblaine at COMPANY.ORG are imported.

KDC Environment (ourkdc.company.org)
====================================

1. MIT Kerberos 1.6.2

2. imap/mailsrv1.company.org exists in KDC and is in the
   keytab file on mailsrv1.company.org

3. host/mailsrv1.company.org exists in KDC and is in the
   keytab file on mailsrv1.company.org

Mail Server Environment
=======================

1. Cyrus IMAP 2 + Cyrus SASL 2

2. imtest with GSSAPI works fine when I have credentials for
   jblaine at MYREALM.COMPANY.ORG
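
Added example, not part of the original post and not MIT Kerberos code: a small Python model of how an MIT-style client maps a service host to a realm through [domain_realm], run against the krb5.ini quoted in the post. The function names are hypothetical, and KDC referrals and the default_realm fallback are not modelled.

```python
# Added example: krb5.ini text copied from the post; lookup logic is a simplified model.
KRB5_INI = """\
[libdefaults]
    default_realm = MYREALM.COMPANY.ORG
[domain_realm]
    .company.org = MYREALM.COMPANY.ORG
    company.org = MYREALM.COMPANY.ORG
[realms]
    MYREALM.COMPANY.ORG = {
        kdc = ourkdc.company.org
        admin_server = ourkdc.company.org
    }
"""

def parse_domain_realm(text):
    """Return the [domain_realm] section as a {name: realm} dict."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = value
    return mapping

def host_realm(hostname, mapping):
    """Try the exact host name, then each parent domain written with a leading dot."""
    candidate = hostname.lower().rstrip(".")
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        dot = candidate.find(".", 1)  # next label boundary, skipping a leading dot
        candidate = candidate[dot:] if dot != -1 else ""
    # Simplified fallback when nothing matches: upper-cased domain part of the host.
    _, _, domain = hostname.lower().partition(".")
    return domain.upper()

def service_principal(service, hostname, mapping):
    """Build the service principal name a client would request a ticket for."""
    return f"{service}/{hostname.lower()}@{host_realm(hostname, mapping)}"

if __name__ == "__main__":
    posted = parse_domain_realm(KRB5_INI)
    print(service_principal("imap", "mailsrv1.company.org", posted))
    print(service_principal("imap", "mailsrv1.company.org", {}))
```

With the posted mappings the IMAP service name resolves into MYREALM.COMPANY.ORG; with no applicable mapping the domain heuristic yields COMPANY.ORG, the realm name of the Windows domain described in item 6.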