[Dovecot] Kerberos GSSAPI - proper item name in keytab

Stanislav Klinkov klinkov at yandex.ru
Wed Aug 31 16:35:52 EEST 2011


> How did you generate those keys and put them into krb5.keytab?
I logged onto my domain controller via RDP and issued the following
commands:

**************** keytabs generation *********************
ktpass -princ imap/efim.test.local@ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab

ktpass -princ pop/efim.test.local@ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab

ktpass -princ smtp/efim.test.local@ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab
************************************************************

Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my
dovecot server machine and merged them into a single file with "ktutil":
************** ktutil commands **************
rkt imap.keytab
rkt pop.keytab
rkt smtp.keytab
wkt krb5.keytab
quit
************************************************

> Are you using Active Directory for Kerberos?
Yes, I am.

> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno
Sorry, I'm not sure I understand what you mean. What is "LDAP/setspn"?
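
An added example, not part of the original post: a minimal reader for the MIT keytab file format (version 0x0502) that lists the principal, kvno and enctype of each entry in a merged file such as krb5.keytab, and never returns key bytes. The sample keytab is constructed (dummy keys, made-up kvnos), and the function names are this example's own.

```python
import struct

def build_entry(principal, realm, kvno, enctype, key):
    """Serialize one format-0x0502 entry; used only to construct the sample."""
    counted = lambda b: struct.pack(">H", len(b)) + b
    parts = [realm] + principal.split("/")
    body = struct.pack(">H", len(parts) - 1) + b"".join(counted(p.encode()) for p in parts)
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + counted(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

def parse_entry(rec):
    """Decode one entry to (principal, kvno, enctype); key bytes are skipped."""
    off = 0
    def take(fmt):
        nonlocal off
        vals = struct.unpack_from(fmt, rec, off)
        off += struct.calcsize(fmt)
        return vals
    counted = lambda: take(">%ds" % take(">H")[0])[0]   # 16-bit length + bytes
    (ncomp,) = take(">H")
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    _name_type, _timestamp, kvno, enctype = take(">IIBH")
    counted()                                # key material, never returned
    if len(rec) - off >= 4:                  # optional 32-bit kvno overrides the 8-bit one
        kvno = take(">I")[0] or kvno
    return f"{name}@{realm}", kvno, enctype

def parse_keytab(data):
    """List (principal, kvno, enctype) for every live entry in keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            if pos + size > len(data):
                raise ValueError("truncated entry")
            entries.append(parse_entry(data[pos:pos + size]))
        pos += abs(size)                     # negative size marks a deleted slot
    return entries

def distinct_kvnos(entries):
    return sorted({kvno for _, kvno, _ in entries})  # more than one value: entries disagree

# Constructed sample: three service entries with differing kvnos and dummy keys.
SAMPLE = b"\x05\x02" + b"".join(build_entry(f"{s}/efim.test.local", "ROMASHKA.LAN", k, 23, bytes(16))
                                 for s, k in (("imap", 3), ("pop", 4), ("smtp", 5)))
```

To inspect a real file, pass `open("krb5.keytab", "rb").read()` to `parse_keytab`; where the MIT Kerberos tools are installed, `klist -k -e krb5.keytab` lists the same fields.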
