On 07/02/2013 12:03 PM, Viktor Dukhovni wrote:
> On Tue, Jul 02, 2013 at 11:25:53AM -0400, Erinn Looney-Triggs wrote:
>
>> However, it still is not working.
>>
>> Running a debug_peer_list with the verbosity set to 2 against both a
>> thunderbird client working with GSSAPI and the postfix client. It
>> appears that GSSAPI is not even being tried by the postfix client. It
>> negotiates the TLS session, is presented with GSSAPI as an auth option,
>> and then it just attempts to send the message (MAIL FROM etc.). Whereas
>> the thunderbird client does the GSSAPI negotiation (AUTH GSSAPI etc.).
>
> The destination needs to appear in the smtp_sasl_password_maps database,
> even when you're not using a password-based mechanism. This tells
> Postfix to use SASL for the destination.
>
>     [smtp.example.com]:587 gssapi:nopassword
>
> You naturally need to make sure that you've installed the GSSAPI
> plugin for SASL and that smtp_sasl_mechanism_filter is set correctly.
>

Viktor,

Thanks for the help. After a lot more messing about, and debugging (Wietse, you the man for putting in debug_peer_list, very helpful) I finally got this working.

All the constituent parts were there, but the syntax for the sasl password maps database was incorrect (my fault), which client-side debugging revealed, as it wasn't matching the mail server host.

I am going to write up a little how-to for this and post it on up. Hopefully it will make folks' lives easier if they decide to do this in the future.

Thanks again,
-Erinn
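
The mismatch described in this thread, as an added example that is not part of the original messages: a Python check that the `relayhost` string has an exact-match key in the `smtp_sasl_password_maps` source file. The `main.cf` and map contents are constructed samples, the function names are hypothetical, and the check assumes the destination comes from `relayhost` and is looked up exactly as written (other keys Postfix may try are not modelled).

```python
import re

# Constructed sample inputs; host name and paths are placeholders.
MAIN_CF = """\
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
"""
BROKEN_MAP = "# brackets missing, so the key differs from relayhost\nsmtp.example.com:587 gssapi:nopassword\n"
FIXED_MAP = "[smtp.example.com]:587 gssapi:nopassword\n"

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def parse_map(text):
    """Return {lookup key: value} from a postmap source file."""
    entries = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            fields = line.split(None, 1)
            entries[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return entries

def bare_host(dest):
    """Strip [] and a trailing :port so differently written keys compare equal."""
    return re.sub(r":[^:\]]+$", "", dest).strip("[]").lower()

def check_relay_key(main_cf, map_text):
    """Return (status, detail): 'match', 'near_miss' or 'missing'."""
    relay = parse_main_cf(main_cf).get("relayhost", "")
    entries = parse_map(map_text)
    if relay in entries:
        return "match", entries[relay]
    # Same host written in a different form: the failure seen in this thread.
    close = [k for k in entries if bare_host(k) == bare_host(relay)]
    return ("near_miss", close[0]) if close else ("missing", relay)

if __name__ == "__main__":
    print(check_relay_key(MAIN_CF, BROKEN_MAP))
    print(check_relay_key(MAIN_CF, FIXED_MAP))
```

A `near_miss` result names the map key that refers to the same host but is written differently from `relayhost`.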