Hi all,
We have 2 mail servers sitting behind linux-HA machines.The mail servers are currently running dovecot 1.0rc2.
Looking to enable GSSAPI authentication, I exported krb keytabs for imap/node01.domain@REALM and imap/node02.domain@REALM for both mail servers.
However, clients are connecting to mail.domain.com, which results in a mismatch as far as the keytab is concerned (and rightly so). Connections directly to node01 and node02 work fine for gssapi auth.
I proceeded to export a key for mail.domain.com into the same keytab for both the nodes, however, I don't think more than a single key is checked for the imap service, and authentication errors continued.
Is anybody running something similar? Could you please explain how you have this working on your end?
Appreciate any help.
Regards,
Mustafa A. Hashmi mahashmi@gmail.com