Looking for GSSAPI config [was: Looking for NTLM config example]
Mark Foley
mfoley at ohprs.org
Tue Jun 28 05:48:29 UTC 2016
aki.tuomi at dovecot.fi wrote:
> As mentioned before, you can use ldap as userdb instead of static userdb. Username matching in AD environment should be done against userPrincipalName attribute.
Do you see any problem with my continuing to use:
userdb {
driver = passwd
}
... with gssapi? (providing I get other configs correct)
--Mark
-----Original Message-----
> Date: Tue, 28 Jun 2016 00:19:45 +0300 (EEST)
> From: aki.tuomi at dovecot.fi
> To: dovecot at dovecot.org
> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
>
> > On June 28, 2016 at 12:02 AM Jan Jurkus <j.jurkus at gcecad-service.nl> wrote:
> >
> >
> > Hi,
> >
> > I'm not entirely happy with the static userdb, because of the
> > limitations with kerberos/pam, but this can of course be changed rather
> > easily. The hardest part is to get the SSO working.
> > One of the limitiations is stated here:
> > http://wiki.dovecot.org/UserDatabase/Static
> >
> > Postfix SMTP auth is using LMTP, reading from my notes.
> >
> > I hope you can get a clearer picture with this rather long and chaotic
> > reply.
> >
>
> As mentioned before, you can use ldap as userdb instead of static userdb. Username matching in AD environment should be done against userPrincipalName attribute.
>
> This should let you get rid of pam as well.
>
> ---
> Aki Tuomi
> Dovecot oy
>
> > --
> > Jan Jurkus | ICT Beheerder | GCE cad-service B.V.
> > Postbus 12, 3220 AA Hellevoetsluis
> > Daltonweg 9, 3225 LR Hellevoetsluis
> > tel: 0181-336955 | fax: 0181-311899
> > j.jurkus at gcecad-service.nl | www.gcecad-service.nl
More information about the dovecot
mailing list