I don't know if there are any howtos on the net, but I had it configured and working, so I will give you some little tips.
I tested this configuration on Fedora Core 3 and SuSE Prof. 9.2, with dovecot 0.99.
- Create a Linux user named "vmail" or similar (all virtual mailboxes will be in a dir. under this user's home or under a directory owned by this user).
- Postfix side: you must use virtual mailbox delivery (one Linux user "vmail", multiple virtual mailboxes), see the Postfix distribution readme files (README_VIRTUAL if I remember well).
- Dovecot side: use pam as password database and use static as user database (with same uid and gid as Postfix virtual mailbox user).
- Pam side: in /etc/pam.d add/modify a "dovecot" file containing:

    auth required pam_krb5.so no_user_check
    account required pam_permit.so

- Last: you must verify that you have installed Kerberos 5 clients and libraries, then edit your /etc/krb5.conf like this (CASE SENSITIVE!):

    [libdefaults]
        clockskew = 300
        default_realm = YOUR.AD.DOMAIN
    #   default_etypes = des-cbc-crc
    #   default_etypes_des = des-cbc-crc
    #   dns_lookup_realm = false
    #   dns_lookup_kdc = false

    [realms]
        # The stanza name is the realm name and must match default_realm exactly.
        YOUR.AD.DOMAIN = {
            kdc = your_dc_server.your.ad.domain
            default_domain = YOUR.AD.DOMAIN
            kpasswd_server = your_dc_server.your.ad.domain
        }

    [domain_realm]
        .your.ad.domain = YOUR.AD.DOMAIN

    [logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

    [appdefaults]
        pam = {
            ticket_lifetime = 1d
            renew_lifetime = 1d
            forwardable = true
            proxiable = false
            retain_after_close = false
            minimum_uid = 0
            debug = false
        }

You can test Kerberos authentication with the command "kinit username@YOUR.AD.DOMAIN"
Good luck!
--
Ing. PAOLO BASENGHI :::: Systems & Networking Engineer
p.basenghi@netribe.it
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it

Askar wrote:
hi list,
I'm just curious if someone has successfully done dovecot authentication of Active Directory, and I will appreciate any link in this regard.
Thanks
Askar
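
An added example, not part of the original message or of any project's code: a small Python check for the case-sensitivity point in the krb5.conf step, confirming that default_realm and every [domain_realm] mapping name a realm that is actually defined under [realms] and has a kdc. The realm EXAMPLE.TEST, the host dc1.example.test and the function names parse_krb5_conf and lint are constructed for this illustration.

```python
import re

def parse_krb5_conf(text):
    """Parse krb5.conf text into {section: {key: value or nested dict}}."""
    conf, section, stanza = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, stanza = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            stanza = None                 # end of a "name = { ... }" block
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                stanza = section.setdefault(key, {})
            else:
                (stanza if stanza is not None else section)[key] = value
    return conf

def lint(conf):
    """Return a list of realm-naming problems; empty when none are found."""
    problems = []
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm")
    if default not in realms:             # exact, case-sensitive match
        problems.append(f"default_realm {default!r} has no [realms] stanza")
    for name, body in realms.items():
        if not isinstance(body, dict) or "kdc" not in body:
            problems.append(f"realm {name!r} has no kdc entry")
    for dns, realm in conf.get("domain_realm", {}).items():
        if realm not in realms:
            problems.append(f"{dns} maps to undefined realm {realm!r}")
    return problems

# Constructed sample configs (placeholder names), not taken from a real site.
GOOD = """[libdefaults]
 default_realm = EXAMPLE.TEST
[realms]
 EXAMPLE.TEST = {
  kdc = dc1.example.test
 }
[domain_realm]
 .example.test = EXAMPLE.TEST
"""
BAD = GOOD.replace("EXAMPLE.TEST = {", "example.test = {")  # lower-case stanza

if __name__ == "__main__":
    print(lint(parse_krb5_conf(BAD)))
```

Run it against the text of /etc/krb5.conf before testing with kinit; a realm stanza that differs from default_realm only in case is reported as missing.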