Unable to Kerberos/GSSAPI an existing user on new workstation
Aki Tuomi
aki.tuomi at dovecot.fi
Thu Jul 13 08:23:43 EEST 2017
> On July 12, 2017 at 2:54 AM Mark Foley <mfoley at ohprs.org> wrote:
>
>
> My last message probably contained too much information. This one is more succient.
>
> I have a user, 'mark', who has been running a Thunderbird client on Windows to Dovecot server
> with Kerberos/GSSAPI authentication for over a year. I created a new Tbird account on a new
> Linux workstation for 'mark', also with Kerberos/GSSAPI and that worked just fine.
>
> I have another user, 'dsmith', who has been running a Thunderbird client on Windows to Dovecot
> server with Kerberos/GSSAPI authentication for over a year as well, no problems. I created a
> new Tbird account on the same new Linux workstation as above for 'dsmith', also with
> KerberosGSSAPI and that DID NOT WORK! I get the message in Thunderbird:
>
> "The Kerberos/GSSAPI ticket was not accepted by the IMAP server ... please check that you
> are logged into the Kerberos/GSSAPI realm."
>
> I created/recreated the smith account numerous time with slightly different settings hoping
> something will work, but I always get the same message.
>
> Why? I need to figure this out ASAP.
>
> Here is the dovecot log when user dsmith attempts to connect to dovecot from the Tbird client:
<snip/>
> Thanks, Mark
Hi!
Judging from the logs it seems the user is able to log in just fine. There are no errors. Perhaps you could turn on debug logging on the client workstation and see what thunderbird does?
You can achieve this with following
env NSPR_LOG_MODULES=all:4 NSPR_LOG_FILE=~/tbird.log.txt thunderbird
you can set it to all:5 if you think it might reveal something more.
Aki
More information about the dovecot
mailing list