[Samba] [Solved] GSSAPI/Kerberos authenticate with Dovecot
Rowland Penny
rpenny at samba.org
Wed Dec 12 16:03:50 UTC 2018
On Wed, 12 Dec 2018 16:43:58 +0100
basti via samba <samba at lists.samba.org> wrote:
>
> Roland kinit -V5 DOVECOTUSER at MY.FQDN.COM did also work
> I use the samba wiki, dont know why only export 3 keys.
No and neither do I, I just tried it and I only got 3 keys (I expected
5)
klist -e -k /root/dovecot.keytab
Keytab name: FILE:/root/dovecot.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 imap/host.samdom.example.com at SAMDOM.EXAMPLE.COM (arcfour-hmac)
1 imap/host.samdom.example.com at SAMDOM.EXAMPLE.COM (des-cbc-md5)
1 imap/host.samdom.example.com at SAMDOM.EXAMPLE.COM (des-cbc-crc)
Yet if I run the same command against a system keytab, amongst the
output I get lines like these:
27 ldap/dc3.samdom.example.com at SAMDOM.EXAMPLE.COM (des-cbc-crc)
27 ldap/dc3.samdom.example.com at SAMDOM.EXAMPLE.COM (des-cbc-md5)
27 ldap/dc3.samdom.example.com at SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
27 ldap/dc3.samdom.example.com at SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
27 ldap/dc3.samdom.example.com at SAMDOM.EXAMPLE.COM (arcfour-hmac)
Hmm why only 3 keys with 'idmap' ???
Rowland
More information about the samba
mailing list