[Dovecot] Kerberos Cross-Realm username
Hi List,
Has anyone running Dovecot with Kerberos tried to authenticate a user from a different REALM who has the same user principal as one in the default domain? Currently Dovecot only logs the user principal without the REALM. So before I go into production, maybe somebody has already run into this using Dovecot? If not, I'll just create virtual machines and see how it behaves.
On Tue, 2009-12-15 at 14:37 +0300, Nikolay Shopik wrote:
> Has anyone running Dovecot with Kerberos tried to authenticate a user from a different REALM who has the same user principal as one in the default domain? Currently Dovecot only logs the user principal without the REALM. So before I go into production, maybe somebody has already run into this using Dovecot? If not, I'll just create virtual machines and see how it behaves.
I don't know much about Kerberos, but in v1.2 there are several changes to cross-realm auth that should make it work better. Are you using v1.2?
On 15.12.2009 21:58, Timo Sirainen wrote:
> On Tue, 2009-12-15 at 14:37 +0300, Nikolay Shopik wrote:
>> Has anyone running Dovecot with Kerberos tried to authenticate a user from a different REALM who has the same user principal as one in the default domain? Currently Dovecot only logs the user principal without the REALM. So before I go into production, maybe somebody has already run into this using Dovecot? If not, I'll just create virtual machines and see how it behaves.
> I don't know much about Kerberos, but in v1.2 there are several changes to cross-realm auth that should make it work better. Are you using v1.2?
Hello Timo,
For now I'm on 1.0.15 but plan to migrate to 1.2.8 very soon. I believe you are talking about the auth_default_realm and auth_realms parameters in dovecot.conf?
On Tue, 2009-12-15 at 22:01 +0300, Nikolay Shopik wrote:
>> I don't know much about Kerberos, but in v1.2 there are several changes to cross-realm auth that should make it work better. Are you using v1.2?
> Hello Timo,
> For now I'm on 1.0.15 but plan to migrate to 1.2.8 very soon. I believe you are talking about the auth_default_realm and auth_realms parameters in dovecot.conf?
No, GSSAPI doesn't use those settings. I'm just talking about some internal non-configurable code changes that apparently have helped several people to get cross-realm auth working.
On 15.12.2009 22:09, Timo Sirainen wrote:
> On Tue, 2009-12-15 at 22:01 +0300, Nikolay Shopik wrote:
>>> I don't know much about Kerberos, but in v1.2 there are several changes to cross-realm auth that should make it work better. Are you using v1.2?
>> Hello Timo,
>> For now I'm on 1.0.15 but plan to migrate to 1.2.8 very soon. I believe you are talking about the auth_default_realm and auth_realms parameters in dovecot.conf?
> No, GSSAPI doesn't use those settings. I'm just talking about some internal non-configurable code changes that apparently have helped several people to get cross-realm auth working.
Upgraded to 1.2.8 and found out the problem actually lies in the client app (Thunderbird), not in Dovecot. It basically sends only the user principal.