Dovecot SASL and GSSAPI (IPA)

Ranbir m3freak at thesandhufamily.ca
Sun Dec 13 17:21:51 UTC 2015


Hi Everyone,

I'm currently using dovecot SASL in postfix and passwd-file in dovecot
for authenticating my users. I want to switch to using IPA instead.

I have both the postfix (mailman01) and dovecot (mailman02) servers
joined to the IPA domain. I have GSSAPI working in dovecot for IMAP.
But, the SASL GSSAPI authentication in postfix fails with this error:

warning: unknown[10.200.5.100]: SASL GSSAPI authentication failed:

This is what dovecot logs:

Dec 12 22:31:54 mailman02 dovecot: auth: Debug: auth client connected (pid=0)
Dec 12 22:31:54 mailman02 dovecot: auth: Debug: client in: AUTH	1	GSSAPI	service=smtp	nologin	lip=10.200.9.14	rip=10.200.5.100	secured	resp=<hidden>
Dec 12 22:31:54 mailman02 dovecot: auth: Debug: gssapi(?,10.200.5.100): Obtaining credentials for smtp at mailman02.theinside.rnr
Dec 12 22:31:54 mailman02 dovecot: auth: gssapi(?,10.200.5.100): While processing incoming data: Unspecified GSS failure.  Minor code may provide more information
Dec 12 22:31:54 mailman02 dovecot: auth: gssapi(?,10.200.5.100): While processing incoming data: Wrong principal in request
Dec 12 22:31:56 mailman02 dovecot: auth: Debug: client passdb out: FAIL	1

I've tried changing the "smtpd_sasl_local_domain" in postfix's main.cf
file to "mailman02.theinside.rnr", but I get the same errors in dovecot
and postfix.  Right now the config in postfix looks like this:

import_environment="KRB5_KTNAME=/etc/postfix/smtp.keytab"
smtpd_sasl_local_domain = mailman01.theoutside.rnr

Does what I'm trying to do make sense? If so, how do I fix it? Do I
have to stop using dovecot sasl in postfix and switch to cyrus sasl?


-- 
Ranbir


