Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

Mark Foley mfoley at ohprs.org
Mon Jul 4 07:23:30 UTC 2016 

On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:

> > http://wiki2.dovecot.org/Authentication/Kerberos
>
> It has been now updated.

Excellent! That was quick!

Although, you used my actual local domain in your example: mail.hprs.local.  Not that I care,
no one can get to that, but it might be clearer to those of us who uncomprehendingly
monkey-type things from wiki's when we don't fully understand.  Perhaps something more generic
would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- something like that.
Not sure what is best; just don't want to imply that they HAVE TO use mail.hprs.local.

> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> I have to set up some kind of test environment to find out why it bugs.

I'm going to give my brain a rest for a bit before I resume tilting at the NTML windmill! I'll
check back with the list to see if you've come up with anything.

> Aki

Again, thanks for all your help.

--Mark

-----Original Message-----
> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
> To: dovecot at dovecot.org
> From: Aki Tuomi <aki.tuomi at dovecot.fi>
> Organization: Dovecot Oy
> Date: Mon, 4 Jul 2016 08:54:27 +0300

>
> On 04.07.2016 07:44, Mark Foley wrote:
> > After a over a year and a half struggling to get Dovecot to do either NTLM or GSSAPI
> > authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to all those in this
> > list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey especially Aki Tuomi;
> > and infinite thanks to Achim Gottinger on the SambaList for his patience in working this
> > through with me.  Although my purpose was for Dovecot to authenticate mail clients, the
> > configuration settings needed were on the Samba side.  I hope a variation of these instructions
> > can eventually make it into:
> >
> > http://wiki2.dovecot.org/Authentication/Kerberos
> >
> >
>
> It has been now updated.
>
> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> I have to set up some kind of test environment to find out why it bugs.
>
> Aki
>

More information about the dovecot mailing list