Dovecot Configuration for access with GSSAPI / Kerberos

Sandra Leuchtfeuer18 at gmx.de
Tue Jun 10 07:17:04 UTC 2014


Hi Dovecot-Mailinglist!

I try to install a new Dovecot-Server with Kerberos-Authentification
(Kerberos-Server is already authenticating user-account ).
The following error-notice occurs when I use mail-programm Gnome
Evolution to access IMAP-Account:

"Ordner konnte nicht geöffnet werden (Folder can not be opened)

The reported error was "GSSAPI-Legitimation ist fehlgeschlagen".
(GSSAPI-Legitimation failed)

Is anybody able to help me???

Thanks in advance, Sandra

Dovecot Version: 2.1.17

Configuration:

auth_mechanisms = gssapi
auth_debug = yes
auth_gssapi_hostname = kerberosServer.domain
auth_realms = REALM
auth_default_realm = REALM
auth_krb5_keytab = /etc/krb5.keytab
auth_verbose = yes
disable_plaintext_auth = yes
userdb {
  driver = static
  args = uid=vmail gid=vmail
home=/service/mailServer_Kommunikations-Server/mails/%u
}
mail_location =
maildir:/service/mailServer_Kommunikations-Server/mails/imap/%
u/:INBOX=/service/mailServer_Kommunikations-Server/mails/maildir/%u
log_timestamp = "%Y-%m-%d %H:%M:%S "
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
protocols = imap pop3
ssl = no
service auth {
  unix_listener /var/spool/postfix/private/auth_dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    mode = 0600
    user = mail
  }
  user = root
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = root at mailServer.domain
}
mail_privileged_group = mail

Logfile:

2014-06-09T09:59:22.596608+02:00 highlands dovecot: auth: Debug: Loading
modules from directory: /usr/lib64/dovecot/modules/auth
2014-06-09T09:59:22.598243+02:00 highlands dovecot: auth: Debug: Module
loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so
2014-06-09T09:59:22.598559+02:00 highlands dovecot: auth: Debug: Loading
modules from directory: /usr/lib64/dovecot/modules/auth
2014-06-09T09:59:22.600354+02:00 highlands dovecot: auth: Debug: Module
loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so
2014-06-09T09:59:22.600982+02:00 highlands dovecot: auth: Debug: auth
client connected (pid=5770)
2014-06-09T09:59:22.602211+02:00 highlands dovecot: auth: Debug: client
in:
AUTH#0111#011GSSAPI#011service=imap#011session=E7rSlmL70wDAqEWd#011lip=mailServerIP#011rip=clientIP#011lport=143#011rport=46035
2014-06-09T09:59:22.602498+02:00 highlands dovecot: auth: Debug:
gssapi(?,clientIP,<E7rSlmL70wDAqEWd>): Obtaining credentials for
imap at dartmoor.outback
2014-06-09T09:59:22.610815+02:00 highlands dovecot: auth:
gssapi(?,clientIP,<E7rSlmL70wDAqEWd>): While acquiring service
credentials: Unspecified GSS failure.  Minor code may provide more
information
2014-06-09T09:59:22.611097+02:00 highlands dovecot: auth:
gssapi(?,clientIP,<E7rSlmL70wDAqEWd>): While acquiring service
credentials: No key table entry found matching imap/dartmoor.outback@
2014-06-09T09:59:24.113071+02:00 highlands dovecot: auth: Debug: client
passdb out: FAIL#0111#011temp
2014-06-09T09:59:24.113818+02:00 highlands dovecot: imap-login:
Disconnected (auth failed, 1 attempts in 2 secs): user=<>,
method=GSSAPI, rip=clientIP, lip=mailServerIP,
session=<E7rSlmL70wDAqEWd>


More information about the dovecot mailing list