Evolution and multiple kerberos tickets for GSSAPI authenticated email accounts

Nalin Dahyabhai nalin at redhat.com
Fri Sep 11 20:55:46 UTC 2015


On Fri, Sep 11, 2015 at 10:44:25AM -0400, Kanwar Ranbir Sandhu wrote:
> Hi Everyone,
> 
> If I want to use Evolution for email and configure more than one email
> account with all of them setup to use GSSAPI auth, how do I then get
> more than one kerberos ticket? I tried to configure two accounts (same
> domain), but Evolution complained a ticket for the second one didn't
> exist. I can switch back and forth by destroying one and getting a
> ticket for the other so I know GSSAPI auth works.
> 
> I read the kinit man page and noticed more than one cache can be used.
> I think that's what I need to do for the above to work, but I don't
> know how to automatically enable it. I also don'e know how to configure
> Evolution to use something other than the default cache.
> 
> I've done some searching online and so far I haven't found anything.
> I'm likely using the wrong search terms because there's no way no one
> else hasn't tried this already. :)

Assuming you've got them both in a cache collection ("klist" shows
you're using a ccache type of "DIR" or "KEYRING", and "klist -l" lists
multiple caches, each for a different set of credentials), then setting
up a ~/.k5identity file should let you help the library to select the
right set of client credentials to use for each server.

The k5identity(5) man page has examples, and other than maybe needing to
note that the service name is "imap" when you're connecting to a mail
server using IMAP, there's not much for me to add.

> Is what I'm trying nuts?

Not at all.

HTH,

Nalin


More information about the users mailing list