[Samba] Where is krb5.keytab or equivalent?
Achim Gottinger
achim at ag-web.biz
Fri Jul 1 21:52:53 UTC 2016
Here is an simpler way to create an user with the imap principal and the
dovecot keymap
~# samba-tool user create dovecot
[Assign password]
~# samba-tool spn add imap/server.domain.local dovecot
~# samba-tool domain exportkeytab --principal dovecot at DOMAIN.LOCAL
dovecot.keytab
~# cp dovecot.keytab /etc/dovecot/dovecot.keytab
~#chgrp dovecot /etc/dovecot/dovecot.keytab
~#chmod g+r /etc/dovecot/dovecot.keytab
As a side note. I test on an different server now and above and the mutt
test from my other mail only works with
auth_gssapi_hostname = "$ALL"
defined in dovecot config.
Otherwise I get these errors
Jul 1 23:47:29 server dovecot: auth: Debug:
gssapi(?,127.0.0.1,<55Rq7pk24gB/AAAB>): Obtaining credentials for imap@
Jul 1 23:47:33 server dovecot: auth:
gssapi(?,127.0.0.1,<55Rq7pk24gB/AAAB>): While acquiring service
credentials: Unspecified GSS failure. Minor code may provide more
information
Am 01.07.2016 um 22:40 schrieb Achim Gottinger:
> I'm sure it will not work till you get that module build. :-)
>
>
> Am 01.07.2016 um 20:53 schrieb Mark Foley:
>> On Fri, 1 Jul 2016 11:55:20 +0200 Achim Gottinger <achim at ag-web.biz>
>> wrote:
>>
>>> Do you have /usr/lib/dovecot/modules/auth/libmech_gssapi.so? Maybe
>>> at an
>>> different location. On debian this comes with the dovecot-gssapi
>>> package.
>> That module is nowhere on my system.
>>
>> --Mark
>>
>
>
More information about the samba
mailing list