Kerberos/GSSAPI auth weirdness?
r3pek
r3pek at r3pek.org
Wed Dec 14 12:50:53 UTC 2022
Hi list!
I'm migrating my server into a new REALM (INT.R3PEK.ORG) from an old one
(R3PEK.ORG). This is a completely new install and configuration, so no
leftovers exits.
The machine is correctly register into the REALM and users are able to
login without a problem.
Now, when I try to login using a Kerberos ticket, for some reason that I
can't understand, dovecot is looking for a ticket on the old REALM.
Maybe because of the email domain (which stayed the same)? This is the
error message I see on the clients:
"Failed to authenticate: Server krbtgt/R3PEK.ORG at INT.R3PEK.ORG"
The one it should be looking for is krbtgt/INT.R3PEK.ORG at INT.R3PEK.ORG,
but I can't seem to figure out where the problem is.
# doveconf | grep -i realm
auth_default_realm = INT.R3PEK.ORG
auth_realms = INT.R3PEK.ORG
What do I need to change to make this work?
More information about the dovecot
mailing list