IMAP frontend authenticating proxy with GSSAPI/Kerberos SSO
Gert van Dijk
gertvdijk+dovecot at gmail.com
Thu Aug 1 17:24:06 EEST 2019
On Thu, Aug 1, 2019 at 3:42 PM Timo Sirainen <timo at sirainen.com> wrote:
>
> On 1 Aug 2019, at 12.26, Gert van Dijk via dovecot <dovecot at dovecot.org> wrote:
> >
> > passdb {
> > args = proxy=y host=127.0.0.1 port=1143 pass=#hidden_use-P_to_show#
> ..
> > auth: Info: static(username,1.2.3.4,<9WOjSwWP8toKAAYE>): No password
> > returned (and no nopassword)
>
> I think this is why it's not using the passdb at all. Try adding password=something to the args.
Thanks for your quick reply.
passdb {
driver = static
args = proxy=y host=127.0.0.1 port=1143 pass=masterpass password=something
}
indeed does the trick:
imap-login: Info: proxy(username): started proxying to
127.0.0.1:1143: user=<username>, method=GSSAPI, rip=1.2.3.4,
lip=9.9.9.9, TLS, session=<iJvnvg6P8KEKAAYE>
Also nopassword=y instead of password=something works, which I think
is even better.
I was also able to remove the mail_location / mail_uid / mail_gid settings. :-)
Thanks a million!
(I now have a new error, listing subfolders errors in IMAP clients. Oh well...,
another thing to dive in another time.)
Gert van Dijk
More information about the dovecot
mailing list