[Freeipa-users] Setting up a Kerberized IMAP Server.

Maria Jose Yañez Dacosta mariajose1982 at gmail.com
Mon Nov 24 16:45:15 UTC 2014


Thank you for your prompt reply :).

I still haven't discovered what caused the problem, but now I could get more
information about it.

I ran the command that you mentioned, as follows:

- kinit usuipa
- kvno imap/zimbrafreeipa.example.com@FI.example.com

(I said fi.example.com in my previous mail but should have said
zimbrafreeipa.example.com. Sorry!!)

Then I ran klist and got this:

11/24/14 14:04:53  11/25/14 14:04:50  krbtgt/FI.EXAMPLE.COM@FI.EXAMPLE.COM
11/24/14 14:05:52  11/25/14 14:04:50  imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM

Then I ran
KRB5_TRACE=/dev/stdout kvno imap/zimbrafreeipa.example.com@FI.EXAMPLE.COM
and got this:
---------------------------------------     OUTPUT ---------------------------------------------------------------
[20649] 1416845334.9690: Getting credentials usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM using ccache FILE:/tmp/krb5cc_0
[20649] 1416845334.27562: Retrieving usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM from FILE:/tmp/krb5cc_0 with result: 0/Conseguido
imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM: kvno = 2
---------------------------------------    END OF OUTPUT ---------------------------------------------------

When I run
KRB5_TRACE=/dev/stdout thunderbird
it shows this:

---------------------------------------     OUTPUT ---------------------------------------------------------------
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: no se puede abrir el fichero del objeto compartido: No existe el fichero o el directorio
[20906] 1416845377.323420: ccselect module realm chose cache FILE:/tmp/krb5cc_0 with client principal usuipa@FI.EXAMPLE.COM for server principal imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM
[20906] 1416845377.323834: Retrieving usuipa@FI.EXAMPLE.COM -> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from FILE:/tmp/krb5cc_0 with result: -1765328243/Matching credential not found
[20906] 1416845377.323939: Getting credentials usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM using ccache FILE:/tmp/krb5cc_0
[20906] 1416845377.324677: Retrieving usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM from FILE:/tmp/krb5cc_0 with result: 0/Conseguido
[20906] 1416845377.325617: Creating authenticator for usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM, seqnum 138355536, subkey aes256-cts/3BB4, session key aes256-cts/A007
[20906] 1416845377.353847: ccselect module realm chose cache FILE:/tmp/krb5cc_0 with client principal usuipa@FI.EXAMPLE.COM for server principal imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM
[20906] 1416845377.353971: Retrieving usuipa@FI.EXAMPLE.COM -> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from FILE:/tmp/krb5cc_0 with result: -1765328243/Matching credential not found
[20906] 1416845377.354331: Read AP-REP, time 1416845380.325675, subkey (null), seqnum 1067232298
[20906] 1416845396.10173: ccselect module realm chose cache FILE:/tmp/krb5cc_0 with client principal usuipa@FI.EXAMPLE.COM for server principal imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM
[20906] 1416845396.10290: Retrieving usuipa@FI.EXAMPLE.COM -> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from FILE:/tmp/krb5cc_0 with result: -1765328243/Matching credential not found
[20906] 1416845396.10316: Getting credentials usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM using ccache FILE:/tmp/krb5cc_0
[20906] 1416845396.10391: Retrieving usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM from FILE:/tmp/krb5cc_0 with result: 0/Conseguido
[20906] 1416845396.10469: Creating authenticator for usuipa@FI.EXAMPLE.COM -> imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM, seqnum 592157704, subkey aes256-cts/5F4D, session key aes256-cts/A007
[20906] 1416845396.35033: ccselect module realm chose cache FILE:/tmp/krb5cc_0 with client principal usuipa@FI.EXAMPLE.COM for server principal imap/zimbrafreeipa.fi.example.com@FI.EXAMPLE.COM
[20906] 1416845396.35196: Retrieving usuipa@FI.EXAMPLE.COM -> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from FILE:/tmp/krb5cc_0 with result: -1765328243/Matching credential not found
[20906] 1416845396.35293: Read AP-REP, time 1416845399.10477, subkey (null), seqnum 911725412

---------------------------------------    END OF OUTPUT ---------------------------------------------------


About the permissions on the keytab file, I have the following:

ls -l /opt/zimbra/conf/krb5.keytab
-rwxrwxrwx 1 zimbra zimbra 366 nov 20 14:45 /opt/zimbra/conf/krb5.keytab

SELinux (/etc/selinux/config)
SELINUX=disabled

What do you think about this? Am I forgetting to do something?


Have a nice day too ^.^, and thanks for your help!


-- 
Maria José
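
An added example (not part of the original post): a small Python summary of a KRB5_TRACE capture like the ones above. It separates ccache config probes from service-ticket lookups and checks that every authenticator the client built was answered with an AP-REP. The sample trace, its principals and the function names are constructed for illustration, and the code assumes one trace event per line.

```python
import re

# Constructed sample in the KRB5_TRACE line format; principals and values are made up.
SAMPLE_TRACE = """\
Gtk-Message: unrelated client noise
[4242] 1416845377.323834: Retrieving alice@EXAMPLE.TEST -> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from FILE:/tmp/krb5cc_1000 with result: -1765328243/Matching credential not found
[4242] 1416845377.323939: Getting credentials alice@EXAMPLE.TEST -> imap/mail.example.test@EXAMPLE.TEST using ccache FILE:/tmp/krb5cc_1000
[4242] 1416845377.324677: Retrieving alice@EXAMPLE.TEST -> imap/mail.example.test@EXAMPLE.TEST from FILE:/tmp/krb5cc_1000 with result: 0/Success
[4242] 1416845377.325617: Creating authenticator for alice@EXAMPLE.TEST -> imap/mail.example.test@EXAMPLE.TEST, seqnum 1, subkey aes256-cts/0000, session key aes256-cts/0000
[4242] 1416845377.354331: Read AP-REP, time 1416845380.325675, subkey (null), seqnum 2
"""

EVENT = re.compile(r"^\[\d+\] \d+\.\d+: (.*)$")
RETRIEVE = re.compile(r"Retrieving \S+ -> (\S+) from \S+ with result: (-?\d+)/")
AUTHENTICATOR = re.compile(r"Creating authenticator for \S+ -> ([^,\s]+),")
KRB5_CC_NOTFOUND = -1765328243  # "Matching credential not found"


def summarize(trace):
    """Count the client-side steps of each AP exchange found in a trace."""
    out = {"config_misses": 0, "lookups": {}, "authenticators": 0, "ap_reps": 0}
    for line in trace.splitlines():
        event = EVENT.match(line)
        if not event:
            continue  # not a trace line (toolkit warnings, blank lines)
        msg = event.group(1)
        found = RETRIEVE.search(msg)
        if found:
            target, code = found.group(1), int(found.group(2))
            if target.startswith("krb5_ccache_conf_data/"):
                # ccache config probe, not a ticket; a miss here is routine
                out["config_misses"] += code == KRB5_CC_NOTFOUND
            else:
                out["lookups"].setdefault(target, []).append(code)
        elif AUTHENTICATOR.search(msg):
            out["authenticators"] += 1
        elif msg.startswith("Read AP-REP"):
            out["ap_reps"] += 1
    return out


def verdict(summary):
    if summary["authenticators"] == 0:
        return "no-authenticator"  # client never built an AP-REQ
    if summary["ap_reps"] < summary["authenticators"]:
        return "no-ap-rep"         # service did not answer every AP-REQ
    return "kerberos-ok"           # service decrypted the ticket and replied
```

A `kerberos-ok` verdict means the service could decrypt the ticket with its key and reply, so a login that still fails is failing after the AP exchange.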
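
An added example (not part of the original post): a Python check for a keytab such as the one in the `ls -l` listing above. A keytab holds the service's long-term keys, so the check flags any access for group or others, execute bits, a file that is not a regular file, and an owner other than the service account. The function names are illustrative, and the expected owner is passed in by the caller.

```python
import os
import pwd
import stat
import sys


def owner_name(uid):
    """Resolve a uid to a user name, falling back to the number itself."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_keytab(path, expected_owner):
    """Return a list of findings for a keytab; an empty list means it passes."""
    st = os.lstat(path)  # lstat so that a symlink is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    owner = owner_name(st.st_uid)
    if owner != expected_owner:
        findings.append(f"owner is {owner}, expected {expected_owner}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"group/other access: mode {mode:04o}, want 0600")
    if mode & 0o111:
        findings.append("execute bits set on a data file")
    return findings


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <keytab path> <service account>
    for finding in audit_keytab(sys.argv[1], sys.argv[2]):
        print(finding)
```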