[Dovecot] LDAP and GSSAPI problems

Timo Sirainen tss at iki.fi
Wed Feb 2 23:38:55 EET 2011


On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:

> dn = smtp/mailhost.example.org at EXAMPLE.ORG
> sasl_bind = yes
> sasl_mech = GSSAPI
> sasl_realm = EXAMPLE.ORG
> sasl_authz_id = smtp/mailhost.example.org at EXAMPLE.ORG

LDAP SASL authentication goes through the Cyrus SASL library, nothing
Dovecot can do about it, except for me to write my own LDAP library.

> Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" setup
> for the GSSAPI user login.

So this setting is never used. If that's the problem, you could try to
work around it in a bit of a kludgy way:

service auth {
  executable = /usr/local/bin/auth-wrapper.sh
}

Which contains:

#!/bin/sh
export KRB5_KTNAME=/etc/dovecot/krb5.keytab
exec /usr/local/libexec/dovecot/auth -k
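
A variant of the wrapper above that refuses to start the auth process when the keytab is missing, empty, a symlink, or accessible to group/other. This is an added example, not part of the original message or of Dovecot; check_keytab and start_auth are hypothetical helper names, and the paths are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: auth wrapper with a keytab sanity check before exec.
# KEYTAB and AUTH_BIN default to the paths used in the message above.
KEYTAB=${KEYTAB:-/etc/dovecot/krb5.keytab}
AUTH_BIN=${AUTH_BIN:-/usr/local/libexec/dovecot/auth}

# check_keytab FILE (hypothetical helper)
# Returns 0 only for a regular, non-empty file whose mode grants nothing
# to group or other. The reason for a rejection goes to stderr.
check_keytab() {
    kt=$1
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "keytab $kt: not a regular file" >&2
        return 1
    fi
    if [ ! -s "$kt" ]; then
        echo "keytab $kt: file is empty" >&2
        return 1
    fi
    # First 10 characters of the ls mode string, e.g. "-rw-------"
    mode=$(ls -ln "$kt" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *)
            echo "keytab $kt: mode $mode grants group/other access" >&2
            return 1
            ;;
    esac
}

# start_auth (hypothetical helper): same effect as the original wrapper,
# but only after the keytab has passed the check.
start_auth() {
    check_keytab "$KEYTAB" || exit 1
    KRB5_KTNAME=$KEYTAB
    export KRB5_KTNAME
    exec "$AUTH_BIN" -k
}

# Only exec when installed under the name used in the service block above,
# so the functions can be sourced or tested without starting anything.
case ${0##*/} in
    auth-wrapper.sh) start_auth ;;
esac
```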



