How did you generate those keys and put them into krb5.keytab? I logged onto my domain controller via RDP and issued the following commands:
**************** keytabs generation ********************* ktpass -princ imap/efim.test.local@ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab
ktpass -princ pop/efim.test.local@ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab
ktpass -princ smtp/efim.test.local@ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab
Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my dovecot server machine and merged them into single file with "ktutil": ************** ktutil commands ************** rkt imap.keytab rkt pop.keytab rkt smtp.keytab wkt krb5.keytab quit
Are you using Active Directory for Kerberos? Yes, I am.
and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"?