cyrus-imapd and GSSAPI authentication
Mar 3rd, 2007 by Kostas Georgiou
This is driving me crazy, I found out why it wasn’t working with sasl_keytab: … (#200892) and rebuilding the cyrus-sasl rpm with the patch fixed this problem. Now after a reboot it stopped working!! I suspect that SELinux is somehow affecting the kerberos server but I can’t see anything related in the audit logs. Really strange.
And of course it was me that somehow managed to get my keytabs out of sync with the krb server.
I forgot to switch selinux to enforcing in my last tests so I just found out that I also need to allow access to krb5.conf from cyrus-imapd #232372
I suspect I am going to need similar modules for other services…
module mycyrusimapd 1.0.0;
require {
class dir search;
class file { read getattr };
type cyrus_t;
type krb5_conf_t;
role system_r;
};
allow cyrus_t krb5_conf_t:file read;
allow cyrus_t krb5_conf_t:file getattr;