[Dovecot] How to grant a kerberos ticket after successful imap authentication from dovecot
André Rodier
andre.rodier at red2.co.uk
Thu Mar 31 12:04:51 EEST 2011
Hello everybody,
I hope this question is appropriate for this list. Apologies if not.
I am running a set of virtual machines under debian 6, to build a
mail/collaboration server. I am mainly using dovecot, postfix, openldap
and heimdal. Mails are stored using maildir, on a NFSv4 share.
My users are system users, but using LDAP and libpam-ldap and
libnss-ldap for caching credentials information.
Everything is working as expected, well, /almost/.
Since NFS is using kerberos, by default, my users are not able to
access their mail storage if they have not received their kerberos ticket.
For instance, if I do nothing, these are the errors I get from dovecot
when trying to log on using any imap client:
Mar 31 09:33:07 titan dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar 31 09:33:07 titan dovecot: dovecot: Fatal: chdir(/home/emails/team/arodier/) failed: Permission denied (euid=1003(arodier) egid=1001(red2team) missing +x perm: /home/emails)
Mar 31 09:33:07 titan dovecot: dovecot: child 5089 (imap) returned error 89 (Fatal failure)
However, if I just log in on a console as the user "/arodier/", I see
that I have received a ticket, and I can see it with klist:
Credentials cache: FILE:/tmp/krb5cc_1001_ywvktf
Principal: arodier@RED2.SRV
  Issued           Expires          Principal
Mar 31 09:25:55  Mar 31 19:25:53  krbtgt/RED2.SRV@RED2.SRV
Mar 31 09:25:57  Mar 31 19:25:53  nfs/ananke.red2.srv@RED2.SRV
Once I have simply logged myself on a console, I can access my emails
using any IMAP client.
The question is:
How should I configure libpam (or dovecot?) to initialise/receive a
kerberos ticket after successful authentication?
Thanks for your answers.
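As an added example (editor's note, not part of the original post or a reply from the list): the two configuration fragments below are the usual starting point for having PAM obtain a Kerberos ticket during a Dovecot password login. The PAM stack uses the Debian libpam-krb5 module (pam_krb5.so), which works against a Heimdal KDC, and the Dovecot passdb uses the documented pam passdb arguments session=yes and setcred=yes, which make Dovecot open a PAM session and call pam_setcred after a successful authentication. The service name "dovecot", the minimum_uid value and the ccache path are assumptions chosen for this example.

```conf
# /etc/pam.d/dovecot  (assumed service name; must match the passdb args below)
# Try Kerberos first so a successful password check leaves a TGT behind;
# fall back to the LDAP/local password so non-Kerberos accounts still work.
auth     sufficient pam_krb5.so minimum_uid=1000 ccache=FILE:/tmp/krb5cc_%u_XXXXXX
auth     required   pam_unix.so  try_first_pass
account  required   pam_krb5.so minimum_uid=1000
account  required   pam_unix.so
# pam_setcred / session are what actually write the credential cache file.
session  optional   pam_krb5.so minimum_uid=1000

# /etc/dovecot/dovecot.conf  (Dovecot 1.2 syntax, as shipped in Debian 6)
# session=yes  -> pam_open_session/pam_close_session are called
# setcred=yes  -> pam_setcred(PAM_ESTABLISH_CRED) is called after auth
# "dovecot"    -> PAM service name, i.e. /etc/pam.d/dovecot above
passdb pam {
  args = session=yes setcred=yes dovecot
}
```

The check a practitioner would do after applying this: log in over IMAP with a password, then look for a new FILE:/tmp/krb5cc_<uid>_* cache and run klist -c on it to confirm it holds the krbtgt and, after the first maildir access, the nfs/ service ticket. The caveat is that PAM runs inside Dovecot's authentication process, not inside the per-user imap process that does the chdir() into the maildir; if the cache file appears but the imap login still fails with the "missing +x perm" error shown above, the imap process is not finding the cache (it has no KRB5CCNAME pointing at it), and the ticket has to be made discoverable to that process rather than merely obtained.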