[Samba] GSSAPI/Kerberos authenticate with Dovecot

basti mailinglist at unix-solution.de
Wed Dec 12 15:18:30 UTC 2018



On 12.12.18 15:49, Rowland Penny via samba wrote:
> What is your functional level ?

What do you mean?

- dovecot machine is joined to the domain
- keytab is set up.
- I can see the users via wbinfo -u on the dovecot server.
- dovecot is set up like in the wiki with userdb=static.

I have also tried to use pam/krb5; when I enter a password I get mails.
(Port 143 with starttls)


TB setting:
server: dovecot ip
user: username@my.fqdn.com
secu: SSL/TLS
auth: Kerberos/GSSAPI
port: 993

Results in

root@dovecot:~# tail -f /var/log/dovecot.debug.log
Dec 12 15:58:22 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Dec 12 15:58:22 auth: Debug: auth client connected (pid=2748)
Dec 12 15:58:28 auth: Debug: auth client connected (pid=2751)
Dec 12 16:06:50 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Dec 12 16:06:50 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_pgsql.so
Dec 12 16:06:50 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Dec 12 16:06:50 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libmech_gssapi.so
Dec 12 16:06:50 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Dec 12 16:06:50 auth: Debug: auth client connected (pid=2753)
Dec 12 16:06:52 auth: Debug: auth client connected (pid=2757)

But the ticket is not accepted.


TB setting:
server: dovecot.my.fqdn.com
user: username@my.fqdn.com
secu: SSL/TLS
auth: Kerberos/GSSAPI
port: 993

Results in no log entry.



