On 5/13/2010 1:50 PM, Victor Duchovni wrote: > On Thu, May 13, 2010 at 01:07:00PM -0400, Matt Hayes wrote: > >>> You'll also need keys for "host/<servername>@EXAMPLE.COM" where >>> "EXAMPLE.COM" is your AD Kerberos realm and "servername" is the hostname >>> of your Postfix SMTP server. These should be in /etc/krb5.keytab. >>> >> >> *bows before the master* > > Not necessary. If you don't have any experience setting up Unix systems > as Kerberos clients of Active Directory, this will take a bit of time > to figure out... Good luck! > > IF your Unix nodes are already Kerberos enabled, but Unix uses a different > realm, things can get a lot more complicated, since PAM will want to > authenticate users in the "local" realm, getting PAM to work in a > cross-realm environment is not something I've yet tried to do. >
I've never had to do this yet, but I'm sure in time I will. I'll definitely refer back to the archives for this thread though! -Matt
