I just resolved issue by changing hostname in client configuration.
Saslauthd cannot authenticate with gssapi if I use secondary kerberos
principal service alias. I chaned smtp.aegisnet.eu to mx0.aegisnet.eu
(mx0.aegisnet.eu is primary kerberos principal alias of service name) as
outgoing server (dovecot instance with imap is working fine with service
aliases) and saslauthd began to work.
On 03/10/17 13:20, Anvar Kuchkartaev wrote:
The dovecot instance set up with auth_realms and auth_default_realm
variables and it is working well. In saslauthd configurations setting
same variables giving configuration parsing error (I think it is not
right way to configure kerberos realm in saslauthd). However
testsaslauthd working without any problems even if I don't specify
realm parameter from command line.
On 03/10/17 06:17, Trever L. Adams wrote:
On 10/02/2017 07:00 PM, Anvar Kuchkartaev wrote:
Hello I just finished setting up FreeIPA with Dovecot + Postfix +
Saslauthd. I can easily access to mails using imap via dovecot with
gssapi authentication and postfix also delivering mails very well.
But I cannot send email from postfix using gssapi authentication
(plain and login authentication working fine) because saslauthd is
not specifying realm when requesting service from freeipa domain.
warning: SASL authentication failure: GSSAPI Error: Unspecified GSS
failure. Minor code may provide more information (No key table
entry found matching smtp/mx0.aegisnet.eu@)
right form of request is smtp/mx0.aegisnet...@aegisnet.eu
I googled alot but couldn't find any solution to solve this problem.
How to configure saslauthd well that it will use realm to contact
with freeipa.
Best Regards...
You may need to consider setting auth_realms and/or auth_default_realm.
I saw something similar without such being set.
Trever
