[Dovecot] LDAP and GSSAPI problems
Timo Sirainen
tss at iki.fi
Wed Feb 2 23:38:55 EET 2011
On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:
> dn = smtp/mailhost.example.org at EXAMPLE.ORG
> sasl_bind = yes
> sasl_mech = GSSAPI
> sasl_realm = EXAMPLE.ORG
> sasl_authz_id = smtp/mailhost.example.org at EXAMPLE.ORG
LDAP SASL authentication goes through Cyrus SASL library, nothing
Dovecot can do about it, except for me to write my own LDAP library.
> Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" setup
> for the GSSAPI user login.
So this setting is never used. If that's the problem, you could try if
you can work around it in a bit kludgy way:
service auth {
executable = /usr/local/bin/auth-wrapper.sh
}
Which contains:
#!/bin/sh
export KRB5_KTNAME=/etc/dovecot/krb5.keytab
exec /usr/local/libexec/dovecot/auth -k
More information about the dovecot
mailing list