On Tue, Jul 02, 2013 at 11:25:53AM -0400, Erinn Looney-Triggs wrote:
> However, it still is not working.
>
> Running a debug_peer_list with the verbosity set to 2 against both a
> thunderbird client working with GSSAPI and the postfix client. It
> appears that GSSAPI is not even being tried by the postfix client. It
> negotiates the TLS session, is presented with GSSAPI as an auth option,
> and then it just attempts to send the message (MAIL FROM etc.). Whereas
> the thunderbird client does the GSSAPI negotiation (AUTH GSSAPI etc.).
The destination needs to appear the smtp_sasl_password_maps database,
even when you're not using a password-based mechanism. This tells
Postfix to use SASL for the destination.
[smtp.example.com]:587 gssapi:nopassword
You naturally need to make sure that you've installed the GSSAPI
plugin for SASL and that smtp_sasl_mechanism_filter is set correctly.
--
Viktor.
