[Dovecot] Samba AD and Dovecot

Trever L. Adams trever.adams at gmail.com
Wed Oct 7 08:33:24 EEST 2009


Timo Sirainen wrote:
>> I really want to use kerberos/SPNEGO everywhere I can for various
>> reasons. The LDAP would be for the configuration.
> Do you actually want the IMAP/POP3 clients to use Kerberos? For
> plaintext auth I don't see any benefit in Dovecot using Kerberos
> rather than LDAP (and it doesn't support that, except via pam_kerberos
> or whatever I guess). But for clients to use Kerberos (GSSAPI) and
> authenticate against AD while Dovecot is in the middle... I've no
> idea. I guess that's possible somehow.
You have all of the Kerberos/GSSAPI/SPNEGO stuff done. It is just a
matter of can I still have the configuration (for user directories,
etc.) done in LDAP?

http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=%28spnego%29
for the SNPEG/Kerberos

I am not using this via Plain Text. This is for AD and Kerberos domains.
(Yes, I understand that if I want to do straight kerberos, I use
http://wiki.dovecot.org/Authentication/Kerberos instead.

But instead of userdb static, can it be userdb ldap or some such?
> There's no great way to do this.. A couple of kludgy ways. Like chmod
> 01777 /var/mail. Or override mail_executable setting to a script that
> still runs as root and can create the directory with proper
> permissions. http://wiki.dovecot.org/PostLoginScripting
Alright, I am going to have to find another way for this part. The other
part (Kerberos and LDAP together), I do need. LDAP for configuration,
Kerberos (or NTLM in some cases for SPNEGO) for authentication.


Trever Adams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20091006/c13abfde/attachment.bin 


More information about the dovecot mailing list