[Dovecot] Dovecot+Kerberos
Hi All. I have a problem with authorizing AD users via Kerberos in Dovecot & Postfix.
Windows SRV 2008 Standard - AD
mail server: Gentoo + cyrus-sasl + postfix + dovecot with ldap & kerberos support.
I created 4 keytabs on the Windows box.
C:\Users\Admin>ktpass -princ host/srv-mail.cn.energy@CN.ENERGY -mapuser ldapmail@CN.ENERGY -pass "superpasswd" -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out c:\mail.keytab
etc... for all
imap/srv-mail.cn.energy
pop/srv-mail.cn.energy
smtp/srv-mail.cn.energy
host/srv-mail.cn.energy

On Linux server:
ktutils
ktutils: rkt /root/Keytab/imap.keytab
ktutils: rkt /root/Keytab/smtp.keytab
ktutils: rkt /root/Keytab/pop.keytab
ktutils: rkt /root/Keytab/host.keytab
ktutils: wrt /etc/krb5.keytab
ktutils: q

kinit -V -k -t /etc/krb5.keytab host/srv-mail.cn.energy@CN.ENERGY
Authenticated to Kerberos v5

KRB5_KTNAME=/etc/krb5.keytab ; export KRB5_KTNAME

TESTING:
imtest srv-mail
ERROR:
Mar 10 08:27:23 srv-mail dovecot: auth(default): auth(?,10.0.0.5): Invalid username: host/srv-mail.cn.energy@CN.ENERGY
Mar 10 08:27:23 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disallowed character: 0x2f
Why username "host/srv-mail.cn.energy@CN.ENERGY" ???

imtest -m GSSAPI -u ross -a ross -r cn.energy srv-mail
ERROR:
Mar 10 08:31:55 srv-mail dovecot: auth(default): auth(?,10.0.0.5): Invalid username: host/srv-mail.cn.energy@CN.ENERGY
Mar 10 08:31:55 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disallowed character: 0x2f

BUT if I create
kinit ross@CN.ENERGY
imtest srv-mail
ERROR:
srv-mail dovecot: auth(default): gssapi(ross@CN.ENERGY,10.0.0.5): Invalid response length

So I am confused, please help me. Many thanks.
--
Best Regards
Ross
Remote Server Administration.
e-mail: ross.sysadm@gmail.com
skype: ross.sysadm
icq: 317410068
Best Offers for a full range of server management services and effective on time solutions.

On Thu, 2011-03-10 at 08:36 +0200, Rostislav Matyusha wrote:
> Mar 10 08:27:23 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disallowed character: 0x2f
> Why username "host/srv-mail.cn.energy@CN.ENERGY" ???

I have no idea about anything related to Kerberos, but if the problem is the "disallowed character", you can avoid that by adding the character (in this case '/') to auth_username_chars setting.
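
The check behind the "disallowed character" log message, modeled as an added example (not part of the original messages and not Dovecot's own code): it decodes the hex code from the log lines quoted in this thread and tests the reported principal against a character allowlist. `DEFAULT_CHARS` is assumed to be the stock `auth_username_chars` value, and the function names are hypothetical.

```python
import re

# Assumed stock value of Dovecot's auth_username_chars; check your own config.
DEFAULT_CHARS = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 "01234567890.-_@")

# Log lines copied from the thread above.
LOG_LINES = [
    "Mar 10 08:27:23 srv-mail dovecot: auth(default): auth(?,10.0.0.5): "
    "Invalid username: host/srv-mail.cn.energy@CN.ENERGY",
    "Mar 10 08:27:23 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): "
    "authn_name: Username contains disallowed character: 0x2f",
]

DISALLOWED_RE = re.compile(
    r"Username contains disallowed character: 0x([0-9a-fA-F]{2})")
INVALID_RE = re.compile(r"Invalid username: (\S+)")


def first_disallowed(username, allowed=DEFAULT_CHARS):
    """Return the first character not in the allowlist, or None if all pass."""
    for ch in username:
        if ch not in allowed:
            return ch
    return None


def rejected_chars(lines):
    """Decode the hex codes reported in 'disallowed character' log lines."""
    return sorted({chr(int(m.group(1), 16))
                   for line in lines
                   for m in DISALLOWED_RE.finditer(line)})


def rejected_usernames(lines):
    """Collect the usernames reported in 'Invalid username' log lines."""
    return [m.group(1) for line in lines for m in INVALID_RE.finditer(line)]


if __name__ == "__main__":
    for name in rejected_usernames(LOG_LINES) + ["ross@CN.ENERGY"]:
        bad = first_disallowed(name)
        verdict = "ok" if bad is None else "rejected on " + hex(ord(bad))
        print(f"{name}: {verdict}")
    extra = "".join(rejected_chars(LOG_LINES))
    print("auth_username_chars would need:", DEFAULT_CHARS + extra)
```

The rejected name is the service principal from the keytab, not the user `ross`, and 0x2f is the `/` separating its `host` and hostname parts. Any character added to `auth_username_chars` is accepted for every username the auth process handles, not only for Kerberos principals.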

participants (2)
- Rostislav Matyusha
- Timo Sirainen