In dispair, I reformatted the server today and started again. I know, extreme, but am at witts end with this problem.
Did everything requested in this thread so far and the result has been the same as before.
Not sure what you mean by the output of KINIT. If you mean KLIST, then that's already been posted. However here is it again.
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 scalix-ual/snotra.mirifice.com@MIRIFICE.COM
3 scalix-ual/snotra.mirifice.com@MIRIFICE.COM
3 imap/snotra.mirifice.com@MIRIFICE.COM
3 imap/snotra.mirifice.com@MIRIFICE.COM
3 ubermanager/snotra.mirifice.com@MIRIFICE.COM
3 res/snotra.mirifice.com@MIRIFICE.COMThe pamcheck file, is what you have just provided so no need to post that again.
The output of
sxpamauth -vvv marky@mirifice.com is:
pam_start_om("pamcheck", "marky@mirifice.com")
pam_authenticate()
om_debug: authenticate: PAM_USER = "RichMarksnotraMark Rich"
om_debug: authenticate: PAM_AUTHTOK not set
om_krb5 (authenticate):
user_unknown="Please ignore underlying account module"
service="scalix_ual"
om_krb5: authid = "mark.rich"
Kerberos Password:
om_krb5: service principal: "scalix-ual/snotra.mirifice.com"
om_krb5: unknown authentication failure: Decrypt integrity check failed
om_krb5: Authentication failure
om_auth: authenticate:
nullok: yes
recordbad: no
Scalix password:
om_auth: save non-empty password in PAM_AUTHTOK
om_auth: bad password count now 1 (not recorded)
om_auth: Authentication failure
pam_authenticate: Permission denied
Not authenticated: Permission denied
To be honest, not a lot of this makes any sense to me. What the options are for omauth is still difficult to grasp at this time.
The output of your other request,
omshowu -n mark.rich is:
Authentication ID: mark.rich
Globally Unique ID: 44c345b8-33c1-102d-8c0a-847adda04031
User Name : Mark Rich /CN=Mark Rich
MailNode : snotra
Internet Address : mark.rich@mirifice.com=mrich@mirifice.com=markr@mirifice.com=markrich@mirifice.com=marky@mirifice.com=markytest2@mirifice.co.uk
System Login : 55014
Password : unset
Admin Capabilities : NO
Mailbox Admin Capabilities : NO
Language : ENGLISH
Mail Account: Unlocked
Last Signon : 06.17.09 15:37:04
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidyall : NO
Recovery Folder visible : NO
User Class : Limited
SIS URL : sxidx://snotra.mirifice.com/0c200000636 ... 21.861.291I wasn't aware the threads had limits on their size so as long as the problem persists, I'll keep posting. In addition the time difference means thread replies usually come as I'm winding up for the day. Thus the continual requests for help on a system which seems very tricky to setup without prior knowledge. Not impossible, just very hard.
I don't think my system setup is that complicated. I have a mail server, an LDAP server and a Kerberos server.
Thanks for your help so far and every bit appreciated.
Marky