Dovecot Configuration for access with GSSAPI / Kerberos

10 Jun 2014


      Hi Dovecot-Mailinglist!
I try to install a new Dovecot-Server with Kerberos-Authentification
(Kerberos-Server is already authenticating user-account ).
The following error-notice occurs when I use mail-programm Gnome
Evolution to access IMAP-Account:
"Ordner konnte nicht geöffnet werden (Folder can not be opened)
The reported error was "GSSAPI-Legitimation ist fehlgeschlagen".
(GSSAPI-Legitimation failed)
Is anybody able to help me???
Thanks in advance, Sandra
Dovecot Version: 2.1.17
Configuration:
auth_mechanisms = gssapi
auth_debug = yes
auth_gssapi_hostname = kerberosServer.domain
auth_realms = REALM
auth_default_realm = REALM
auth_krb5_keytab = /etc/krb5.keytab
auth_verbose = yes
disable_plaintext_auth = yes
userdb {
driver = static
args = uid=vmail gid=vmail
home=/service/mailServer_Kommunikations-Server/mails/%u
}
mail_location =
maildir:/service/mailServer_Kommunikations-Server/mails/imap/%
u/:INBOX=/service/mailServer_Kommunikations-Server/mails/maildir/%u
log_timestamp = "%Y-%m-%d %H:%M:%S "
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
protocols = imap pop3
ssl = no
service auth {
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = mail
}
user = root
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = root@mailServer.domain
}
mail_privileged_group = mail
Logfile:
2014-06-09T09:59:22.596608+02:00 highlands dovecot: auth: Debug: Loading
modules from directory: /usr/lib64/dovecot/modules/auth
2014-06-09T09:59:22.598243+02:00 highlands dovecot: auth: Debug: Module
loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so
2014-06-09T09:59:22.598559+02:00 highlands dovecot: auth: Debug: Loading
modules from directory: /usr/lib64/dovecot/modules/auth
2014-06-09T09:59:22.600354+02:00 highlands dovecot: auth: Debug: Module
loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so
2014-06-09T09:59:22.600982+02:00 highlands dovecot: auth: Debug: auth
client connected (pid=5770)
2014-06-09T09:59:22.602211+02:00 highlands dovecot: auth: Debug: client
in:
AUTH#0111#011GSSAPI#011service=imap#011session=E7rSlmL70wDAqEWd#011lip=mailServerIP#011rip=clientIP#011lport=143#011rport=46035
2014-06-09T09:59:22.602498+02:00 highlands dovecot: auth: Debug:
gssapi(?,clientIP,<E7rSlmL70wDAqEWd>): Obtaining credentials for
imap@dartmoor.outback
2014-06-09T09:59:22.610815+02:00 highlands dovecot: auth:
gssapi(?,clientIP,<E7rSlmL70wDAqEWd>): While acquiring service
credentials: Unspecified GSS failure.  Minor code may provide more
information
2014-06-09T09:59:22.611097+02:00 highlands dovecot: auth:
gssapi(?,clientIP,<E7rSlmL70wDAqEWd>): While acquiring service
credentials: No key table entry found matching imap/dartmoor.outback@
2014-06-09T09:59:24.113071+02:00 highlands dovecot: auth: Debug: client
passdb out: FAIL#0111#011temp
2014-06-09T09:59:24.113818+02:00 highlands dovecot: imap-login:
Disconnected (auth failed, 1 attempts in 2 secs): user=<>,
method=GSSAPI, rip=clientIP, lip=mailServerIP,
session=<E7rSlmL70wDAqEWd>

Sandra

tags

participants (1)