Thanks to Timo, I have solved all but one of my problems. For back ground, I am using Samba4 as an AD. I have the userdb working from LDAP just fine and kerberos authenetication for dovecot's IMAP server working fine. The problem is using dovecot's SASL with postfix. I also have plain/login working in imap and smtp. Both use pam_krb5 through pam to authenticate clients that don't have kerberos, and for now smtp. When trying to do smtp kerberos, I get the following:
postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: request longer than 2048: AUTH GSSAPI ... dovecot: auth: Debug: client in: AUTH#0111#011GSSAPI#011service=smtp#011nologin#011lip=SERVER_IP#011rip=CLIENT_IP#011secured#011resp=<hidden> dovecot: auth: Debug: gssapi(?,CLIENT_IP): Obtaining credentials for s...@mailserver_fqdn dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data: Unspecified GSS failure. Minor code may provide more information dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data: Invalid message type postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: SASL GSSAPI authentication failed: dovecot: auth: Debug: client out: FAIL#0111 # klist -k /etc/dovecot/krb5.keytab Keytab name: WRFILE:/etc/dovecot/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 imap/mailserver_f...@domain_realm 2 smtp/mailserver_f...@domain_realm The client is Thunderbird. Any help would be greatly appreciated. I have made sure that the file has proper permissions. I have regenerated the smtp cert making suer the password is accurate. I have done everything I know to try. The only thing that I am guess remains is something is broken with Thunderbird's kerberos setup for smtp. Thank you very much, Trever
signature.asc
Description: OpenPGP digital signature
