> How did you generate those keys and put them into krb5.keytab?
I logged onto my domain controller via RDP and issued the following
commands:

**************** keytabs generation *********************
ktpass -princ imap/efim.test.lo...@romashka.lan -mapuser dovecot
 -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab

ktpass -princ pop/efim.test.lo...@romashka.lan -mapuser dovecot
 -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab

ktpass -princ smtp/efim.test.lo...@romashka.lan -mapuser dovecot
 -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab
************************************************************

Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my
dovecot server machine and merged them into a single file with "ktutil":
************** ktutil commands **************
rkt imap.keytab
rkt pop.keytab
rkt smtp.keytab
wkt krb5.keytab
quit
************************************************

> Are you using Active Directory for Kerberos?
Yes, I am.

> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot 
> host to add an entry to my keytab with the same key and kvno
Sorry, I'm not sure I understand what you mean. What is "LDAP/setspn"?
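
Added example, not part of the original message: a Python check that reads a merged keytab, lists principal, kvno and enctype per entry, and flags entries whose kvno or key differ, which is the "same key and kvno" condition raised in the quoted question. It assumes the MIT keytab file format version 0x0502 and that every entry belongs to one account, as with "-mapuser dovecot" above; the host, realm and keys in SAMPLE are constructed placeholders.

```python
import struct

def parse_keytab(data):
    """Return (principal, kvno, enctype, key) per entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted slot (hole)
            pos += -size
            continue
        rec, pos, off = data[pos:pos + size], pos + size, 2
        def counted():                 # 16-bit length, then that many bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off]
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        off += 8                       # skip name type and timestamp
        kvno, etype = struct.unpack_from(">BH", rec, off)
        off += 3
        key = counted()
        if len(rec) - off >= 4:        # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", rec, off)
        entries.append((f"{name}@{realm}", kvno, etype, key))
    return entries

def kvno_mismatches(entries):
    """Per enctype, list (principal, kvno) when kvno or key differ between entries."""
    groups = {}
    for princ, kvno, etype, key in entries:
        groups.setdefault(etype, []).append((princ, kvno, key))
    return {e: [(p, k) for p, k, _ in g] for e, g in groups.items()
            if len({(k, key) for _, k, key in g}) > 1}

def make_entry(service, host, realm, kvno, etype, key):  # one constructed record
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(realm) + s(service) + s(host)
            + struct.pack(">II", 3, 0) + bytes([kvno & 0xFF])
            + struct.pack(">H", etype) + s(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample: placeholder names, dummy keys, enctype 23 (RC4-HMAC)
SAMPLE = b"\x05\x02" + b"".join(
    make_entry(svc, b"mail.example.test", b"EXAMPLE.TEST", kv, 23, bytes([kv]) * 16)
    for svc, kv in ((b"imap", 3), (b"pop", 4), (b"smtp", 5)))
```

On a real file, pass the bytes of krb5.keytab to parse_keytab and then the result to kvno_mismatches; an empty dict means all entries agree per enctype.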

