[Dovecot] Problems setting up dovecot 2.0.1 with kerberos auth
Andre
am at am.cx
Tue Sep 7 10:32:09 EEST 2010
Il giorno 06/set/2010, alle ore 21.44, Dirk Heinrichs ha scritto:
> Am 06.09.2010 21:30, schrieb Dirk Heinrichs:
>> Am 06.09.2010 20:09, schrieb Dirk Heinrichs:
>>
>>> Looks like "$ALL" was the way to go, since at least I get the imap/
>>> ticket now. However, login still fails:
>>
>> I also get the tickets with auth_gssapi_hostname = oldbox.altum.de, but
>> doesn't make a difference.
>
> But changing permissions of the kerberos keytab did. After chmod 644
> /etc/krb5.keytab login succeeded.
>
> Bye...
>
> Dirk
>
When I saw the message “Permission denied” in a previous mail I immediately thought of permissions of krb5.keytab.
Rememeber that, about what concerns security, it could be not good to chmod 644 keytab. Instead you can create another keytab containing principals for imap service, put it in dovecot directory (for example), give it correct permissions and ownership and change “auth_krb5_keytab” value to point to the new keytab file.
Bye
Andre
More information about the dovecot
mailing list