[Dovecot] gssapi problems (postfix sasl through dovecot, dovecot imap working fine)
Trever L. Adams
trever.adams at gmail.com
Sat Oct 16 06:50:18 EEST 2010
Thanks to Timo, I have solved all but one of my problems. For back
ground, I am using Samba4 as an AD. I have the userdb working from LDAP
just fine and kerberos authenetication for dovecot's IMAP server working
fine. The problem is using dovecot's SASL with postfix. I also have
plain/login working in imap and smtp. Both use pam_krb5 through pam to
authenticate clients that don't have kerberos, and for now smtp. When
trying to do smtp kerberos, I get the following:
postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: request longer
than 2048: AUTH GSSAPI ...
dovecot: auth: Debug: client in:
AUTH#0111#011GSSAPI#011service=smtp#011nologin#011lip=SERVER_IP#011rip=CLIENT_IP#011secured#011resp=<hidden>
dovecot: auth: Debug: gssapi(?,CLIENT_IP): Obtaining credentials for
smtp at MAILSERVER_FQDN
dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data:
Unspecified GSS failure. Minor code may provide more information
dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data:
Invalid message type
postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: SASL GSSAPI
authentication failed:
dovecot: auth: Debug: client out: FAIL#0111
# klist -k /etc/dovecot/krb5.keytab
Keytab name: WRFILE:/etc/dovecot/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 imap/MAILSERVER_FQDN at DOMAIN_REALM
2 smtp/MAILSERVER_FQDN at DOMAIN_REALM
The client is Thunderbird.
Any help would be greatly appreciated. I have made sure that the file
has proper permissions. I have regenerated the smtp cert making suer the
password is accurate. I have done everything I know to try. The only
thing that I am guess remains is something is broken with Thunderbird's
kerberos setup for smtp.
Thank you very much,
Trever
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20101015/8f3bb49a/attachment.bin
More information about the dovecot
mailing list