Timo Sirainen wrote:
I really want to use kerberos/SPNEGO everywhere I can for various reasons. The LDAP would be for the configuration.
Do you actually want the IMAP/POP3 clients to use Kerberos? For plaintext auth I don't see any benefit in Dovecot using Kerberos rather than LDAP (and it doesn't support that, except via pam_kerberos or whatever I guess). But for clients to use Kerberos (GSSAPI) and authenticate against AD while Dovecot is in the middle... I've no idea. I guess that's possible somehow.
You have all of the Kerberos/GSSAPI/SPNEGO stuff done. It is just a matter of can I still have the configuration (for user directories, etc.) done in LDAP?
http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=%28spneg... for the SPNEGO/Kerberos
I am not using this via Plain Text. This is for AD and Kerberos domains. (Yes, I understand that if I want to do straight kerberos, I use http://wiki.dovecot.org/Authentication/Kerberos instead.)
There's no great way to do this.. A couple of kludgy ways. Like chmod 01777 /var/mail. Or override mail_executable setting to a script that still runs as root and can create the directory with proper permissions. http://wiki.dovecot.org/PostLoginScripting
Alright, I am going to have to find another way for this part. The other part (Kerberos and LDAP together), I do need. LDAP for configuration, Kerberos (or NTLM in some cases for SPNEGO) for authentication.
But instead of userdb static, can it be userdb ldap or some such?
Trever Adams