[Dovecot] gssapi problems (postfix sasl through dovecot, dovecot imap working fine)
Trever L. Adams
trever.adams at gmail.com
Tue Oct 19 17:42:52 EEST 2010
On 10/19/2010 07:56 AM, Trever L. Adams wrote:
> On 10/19/2010 06:16 AM, Trever L. Adams wrote:
>> Samba4 doesn't automatically set the userPrincipalName to
>> imap/f.q.d.n at REALM or smtp/f.q.d.n at REALM when setting up an SPN. This
>> was the problem. For some reason it works fine for imap but not smtp.
>>
>> I have reported this as a possible bug to Samba4. I am documenting it
>> here in case someone else has problems.
>>
>> Trever
>
Ok, so it is documented for others. It appears that it is a "bug" in
Thunderbird due to the windows PAC in the kerberos ticket. Assuming you
have followed instructions elsewhere and userPrincipalName is set
properly in the AD, make sure you have the right line_length_limit for
postfix.
If you are using dovecot sasl with postfix and are using Thunderbird in
Windows (part of an AD domain) and using smtp kerberos authentication,
make sure you have line_length_limit = 2176 in postfix's main.cf.
Thanks to Wietse for his help.
Trever
--
"It is difficult to legislate morality in the absence of moral
legislators." -- Unknown
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20101019/45ff075f/attachment.bin
More information about the dovecot
mailing list