[Dovecot] gssapi problems (postfix sasl through dovecot, dovecot imap working fine)

Trever L. Adams trever.adams at gmail.com
Sat Oct 16 06:50:18 EEST 2010


 Thanks to Timo, I have solved all but one of my problems. For back
ground, I am using Samba4 as an AD. I have the userdb working from LDAP
just fine and kerberos authenetication for dovecot's IMAP server working
fine. The problem is using dovecot's SASL with postfix. I also have
plain/login working in imap and smtp. Both use pam_krb5 through pam to
authenticate clients that don't have kerberos, and for now smtp. When
trying to do smtp kerberos, I get the following:

postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: request longer
than 2048: AUTH GSSAPI ...
dovecot: auth: Debug: client in:
AUTH#0111#011GSSAPI#011service=smtp#011nologin#011lip=SERVER_IP#011rip=CLIENT_IP#011secured#011resp=<hidden>
dovecot: auth: Debug: gssapi(?,CLIENT_IP): Obtaining credentials for
smtp at MAILSERVER_FQDN
dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data:
Unspecified GSS failure.  Minor code may provide more information
dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data:
Invalid message type
 postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: SASL GSSAPI
authentication failed:
 dovecot: auth: Debug: client out: FAIL#0111

# klist -k /etc/dovecot/krb5.keytab
Keytab name: WRFILE:/etc/dovecot/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   2 imap/MAILSERVER_FQDN at DOMAIN_REALM
   2 smtp/MAILSERVER_FQDN at DOMAIN_REALM

The client is Thunderbird.

Any help would be greatly appreciated. I have made sure that the file
has proper permissions. I have regenerated the smtp cert making suer the
password is accurate. I have done everything I know to try. The only
thing that I am guess remains is something is broken with Thunderbird's
kerberos setup for smtp.

Thank you very much,
Trever

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20101015/8f3bb49a/attachment.bin 


More information about the dovecot mailing list