[Dovecot] Dovecot+Kerberos
Rostislav Matyusha
ross.sysadm at gmail.com
Thu Mar 10 08:36:36 EET 2011
Hi All.
I have a problem with authorizing AD users via Kerberos in
Dovecot & Postfix.
Windows SRV 2008 Standard - AD
mail server: Gentoo + cyrus-sasl + postfix + dovecot with support for
LDAP & Kerberos.
I created 4 keytabs on the Windows box.
C:\Users\Admin>ktpass -princ host/srv-mail.cn.energy@CN.ENERGY -mapuser ldapmail@CN.ENERGY -pass "superpasswd" -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out c:\mail.keytab
etc... for all
imap/srv-mail.cn.energy
pop/srv-mail.cn.energy
smtp/srv-mail.cn.energy
host/srv-mail.cn.energy
On Linux server:
ktutil
ktutil: rkt /root/Keytab/imap.keytab
ktutil: rkt /root/Keytab/smtp.keytab
ktutil: rkt /root/Keytab/pop.keytab
ktutil: rkt /root/Keytab/host.keytab
ktutil: wkt /etc/krb5.keytab
ktutil: q
kinit -V -k -t /etc/krb5.keytab host/srv-mail.cn.energy@CN.ENERGY
Authenticated to Kerberos v5
KRB5_KTNAME=/etc/krb5.keytab ; export KRB5_KTNAME
TESTING:
imtest srv-mail
ERROR:
Mar 10 08:27:23 srv-mail dovecot: auth(default): auth(?,10.0.0.5): Invalid username: host/srv-mail.cn.energy@CN.ENERGY
Mar 10 08:27:23 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disallowed character: 0x2f
Why is the username "host/srv-mail.cn.energy@CN.ENERGY"???
imtest -m GSSAPI -u ross -a ross -r cn.energy srv-mail
ERROR:
Mar 10 08:31:55 srv-mail dovecot: auth(default): auth(?,10.0.0.5): Invalid username: host/srv-mail.cn.energy@CN.ENERGY
Mar 10 08:31:55 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disallowed character: 0x2f
BUT if I run kinit ross@CN.ENERGY
imtest srv-mail
ERROR:
srv-mail dovecot: auth(default): gssapi(ross@CN.ENERGY,10.0.0.5): Invalid response length
So I am confused, please help me.
Many thanks
--
Best Regards
Ross
Remote Server Administration.
e-mail: ross.sysadm at gmail.com
skype: ross.sysadm
icq: 317410068
Best Offers for a full range of server management services and effective on time solutions.
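
Added example (not part of the original post, and not Dovecot's own code): a small triage script that parses the two auth log lines quoted in the message, decodes the rejected byte, and reports whether the GSSAPI name the client presented is a service principal (primary/instance@REALM), which is what a credential cache filled by `kinit -k` from the host keytab presents. The allowed-character set is assumed to be Dovecot's default `auth_username_chars`; the sample log is constructed from the post with the wrapped lines re-joined.

```python
import re

# Assumption: Dovecot's default auth_username_chars; adjust to your config.
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@")

# Constructed sample: the two auth log lines from the post, unwrapped.
SAMPLE_LOG = """\
Mar 10 08:27:23 srv-mail dovecot: auth(default): auth(?,10.0.0.5): Invalid username: host/srv-mail.cn.energy@CN.ENERGY
Mar 10 08:27:23 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disallowed character: 0x2f
"""

INVALID_RE = re.compile(r"auth\(\?,(?P<ip>[^)]+)\): Invalid username: (?P<princ>\S+)")
BADCHAR_RE = re.compile(r"disallowed character: 0x(?P<hex>[0-9a-fA-F]{2})")


def split_principal(principal):
    """Split primary[/instance]@REALM into (primary, instance, realm)."""
    name, _, realm = principal.partition("@")
    primary, _, instance = name.partition("/")
    return primary, instance or None, realm or None


def triage(log_text):
    """Return one finding per relevant auth log line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = INVALID_RE.search(line)
        if m:
            _primary, instance, _realm = split_principal(m["princ"])
            findings.append({
                "client_ip": m["ip"],
                "principal": m["princ"],
                # An instance component means a service/host principal,
                # not a mailbox user, was offered as the login name.
                "is_service_principal": instance is not None,
                "bad_chars": sorted({c for c in m["princ"] if c not in ALLOWED}),
            })
        m = BADCHAR_RE.search(line)
        if m:
            # Decode the hex byte Dovecot reports (0x2f is "/").
            findings.append({"rejected_char": chr(int(m["hex"], 16))})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```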