Hi, 

I have a Dovecot (IMAP only) and Postfix (SMTP) based mail server. 
User names, mailbox settings and password hashes are loaded from a PostgreSQL 
database. 
The users use Thunderbird on the desktop and K9mail or Apple Mail on mobile 
phones.
This has worked fine for a few years.

Now I'd like to introduce Single Sign On with Thunderbird to ease the 
deployment of client systems. (No more manual mail password entry.)

Users log in on a Samba AD domain, e.g.: johndoe@ad.example.internal.
The mail addresses (and equally auth user names for Dovecot) are in the format: 
john...@example.org
Up to now users have different passwords for AD and mail. These systems are not 
integrated.

I have two related questions concerning that: 

First question: How can I map between these on the Dovecot side? There are no 
mailboxes or auth users like "johndoe@ad.example.internal". Instead, the public 
domain (e.g. example.org) is used for the mail system. Up to now the mail 
server doesn't know anything about the Samba domain and has nothing to do with 
that.

Second question: Can I allow GSSAPI auth for intranet users only (e.g. 
192.168.42.0/24)? 
My Internet router forwards the IMAP and SMTP ports to the mail server to allow 
the mobile phones to connect to it. 
But it doesn't make sense to offer GSSAPI auth for Internet users from all over 
the world. Isn't that somewhat risky? 
All the M$ish AD stuff feels somewhat Mystery Meat like for me... 

Thank you very much for all input and help you can provide! 

Yours,
Reg
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org