On 31.12.2012, at 2.26, Ben Morrow wrote:
> I've been wondering for a while about patching Dovecot to support its
> own krb5 ACL file under the Dovecot directory, not least because it
> would be useful to be able to give a principal IMAP access without
> necessarily giving it shell access, but it
At 4PM +0100 on 28/12/12 you (Jörg Herzinger) wrote:
> Hi, we are currently moving our mailserver to a new server with Dovecot,
> virtual users in LDAP, Passwords in Kerberos Setup. Everything works
> fine except for GSSAPI which seems to be a bit buggy.
>
> The thing is, that when using a .k5l
Hi, we are currently moving our mailserver to a new server with Dovecot,
virtual users in LDAP, Passwords in Kerberos Setup. Everything works
fine except for GSSAPI which seems to be a bit buggy.
The thing is, that when using a .k5login [1] file it seems that SASL
does not get passed the home
On Aug 31, 2011, at 4:39 PM, Jason Gunthorpe wrote:
> On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote:
>
>> I have only followed part of this. If the original poster's problem is
>> that the LDAP database is not being able to be accessed with an SPN
>> ticket, this is because SPN
On Wed, 31 Aug 2011 14:39:56 -0600
Jason Gunthorpe articulated:
> On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote:
>
> > I have only followed part of this. If the original poster's problem
> > is that the LDAP database is not being able to be accessed with an
> > SPN ticket, this
On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote:
> I have only followed part of this. If the original poster's problem is
> that the LDAP database is not being able to be accessed with an SPN
> ticket, this is because SPNs are not allowed to log in in AD. You need
> to use a user a
On 08/31/2011 10:30 AM, Nikolay Shopik wrote:
>
> Can you do kinit -k imap/imap/efim.test.lo...@romashka.lan and then
> klist, does it work for you?
>
> I do recommend tcpdump kerberos traffic between your client and
> server, this usually helps me much better than any logging, flow
> easy to re
On 31.08.2011 18:55, Stanislav Klinkov wrote:
Thank you for sharing a very interesting experience, David.
It seemed like running ktpass multiple times invalidated the previous keytabs.
OK. Let us assume. But then how can you explain the fact that the
setting<> in dovecot config solves all
me
On Aug 31, 2011, at 10:55 AM, Stanislav Klinkov wrote:
>
> Thank you for sharing a very interesting experience, David.
>
>> It seemed like running ktpass multiple times invalidated the previous
>> keytabs.
> OK. Let us assume. But then how can you explain the fact that the
> setting <> in dovec
On 08/31/2011 07:35 AM, Stanislav Klinkov wrote:
>
>
>> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot
>> host to add an entry to my keytab with the same key and kvno
> Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"?
>
>
I have only followed part
Thank you for sharing a very interesting experience, David.
> It seemed like running ktpass multiple times invalidated the previous keytabs.
OK. Let us assume. But then how can you explain the fact that the
setting <> in dovecot config solves all
mentioned troubles at once?
As well I just have r
On Aug 31, 2011, at 9:35 AM, Stanislav Klinkov wrote:
>
>> How did you generate those keys and put them into krb5.keytab?
> I logged onto my domain controller via RDP and issued the following
> commands:
>
> keytabs generation *
> ktpass -princ imap/efim.tes
> How did you generate those keys and put them into krb5.keytab?
I logged onto my domain controller via RDP and issued the following
commands:
keytabs generation *
ktpass -princ imap/efim.test.lo...@romashka.lan -mapuser dovecot
-pass megasuperpassword -ptype
On Aug 31, 2011, at 8:27 AM, Stanislav Klinkov wrote:
>
>> Why such hostility?
>
> I beg your pardon, sir. Nothing personal, but to the question like "My
> car does not move" you provide the answer "Try to wipe screen and kick
> wheels". How do you think, if one digs into source code, has not he
> Why such hostility?
I beg your pardon, sir. Nothing personal, but to the question like "My
car does not move" you provide the answer "Try to wipe screen and kick
wheels". How do you think, if one digs into source code, has not he
attempted more simple ways? Yes, I have read the manuals and wiki'
On 08/30/2011 12:50 PM, Nikolay Shopik wrote:
On 30.08.2011 9:24, Stanislav Klinkov wrote:
Your principal in keytab should look like this -
imap/mail.example@example.com
Make sure your realm name are all CAPS, otherwise it won't work.
Thank you, Captain Obvious.
Why such hostility? A
On 30.08.2011 9:24, Stanislav Klinkov wrote:
Your principal in keytab should look like this -
imap/mail.example@example.com
Make sure your realm name are all CAPS, otherwise it won't work.
Thank you, Captain Obvious.
Why such hostility? A lot people miss that, nothing special here. And
> Your principal in keytab should look like this -
> imap/mail.example@example.com
> Make sure your realm name are all CAPS, otherwise it won't work.
Thank you, Captain Obvious.
On 29.08.2011 17:39, Stanislav Klinkov wrote:
So, according to source code, Dovecot tries to find in krb5.keytab a
principal named "imap@hostname". However wiki says to create the
principal named "imap/hostname@REALM".
Please, clarify where is the error: in source code, in wiki, or I have
misund
Hello, ALL.
I am trying to organize a transparent single sign-on concept for my
Active Directory users into Dovecot via IMAP. On the user's desktop I
use Thunderbird 6.0 as a mail client (MUA), Windows XP as an operating
system. Domain is controlled by Windows 2008 Server SP2 with Active
Directory
On 15.12.2009 22:09, Timo Sirainen wrote:
On Tue, 2009-12-15 at 22:01 +0300, Nikolay Shopik wrote:
I don't know much about Kerberos, but in v1.2 there are several changes
to cross-realm auth that should make it work better. Are you using v1.2?
Hello Timo,
For now I'm on 1.0.15 but plan migra
On Tue, 2009-12-15 at 22:01 +0300, Nikolay Shopik wrote:
> > I don't know much about Kerberos, but in v1.2 there are several changes
> > to cross-realm auth that should make it work better. Are you using v1.2?
> >
>
> Hello Timo,
>
> For now I'm on 1.0.15 but plan migrate to 1.2.8 very soon. I be
On 15.12.2009 21:58, Timo Sirainen wrote:
On Tue, 2009-12-15 at 14:37 +0300, Nikolay Shopik wrote:
Is anyone running Dovecot with Kerberos and tried to authenticate
user from different REALM and have same user principal with default
domain. Currently Dovecot only logs user principal w
On Tue, 2009-12-15 at 14:37 +0300, Nikolay Shopik wrote:
> Is anyone running Dovecot with Kerberos and tried to authenticate
> user from different REALM and have same user principal with default
> domain. Currently Dovecot only logs user principal w/o REALM. So before
> I go in producti
Hi List,
Is anyone running Dovecot with Kerberos and tried to authenticate
user from different REALM and have same user principal with default
domain. Currently Dovecot only logs user principal w/o REALM. So before
I go in production maybe somebody already run into this using Dovecot?
If
On Wed, Feb 18, 2009 at 10:33:09PM +0300, Nikolay Shopik wrote:
> I'm currently trying to configure Dovecot to use kerberos. My KDC is
> Windows 2003 and I successfully generated keytab file for Dovecot machine.
> Problem is when I'm trying to use GSSAPI it told me
> Obtaining credentials for i...
Hi,
I'm currently trying to configure Dovecot to use kerberos. My KDC is
Windows 2003 and I successfully generated keytab file for Dovecot machine.
Problem is when I'm trying to use GSSAPI it told me
Obtaining credentials for i...@debian5 - and of course this fails
because debian5 isn't KDC, it
On Thu, 2008-07-17 at 21:36 -0400, Bryan Jacobs wrote:
> In configure.in, there is a check that does `krb5-config --version |
> grep -v 1\.2`, making sure there is no "1.2" in the version of Kerberos
> in use. This is to prevent compiling against MIT Kerberos version 1.2,
> which is too old for Do
In configure.in, there is a check that does `krb5-config --version |
grep -v 1\.2`, making sure there is no "1.2" in the version of Kerberos
in use. This is to prevent compiling against MIT Kerberos version 1.2,
which is too old for Dovecot.
Unfortunately for this idea, Heimdal 1.2.1 is out. And
Currently you need to create a wiki account to edit it, because allowing
anonymous edits brings too much spam. I wish MoinMoin supported
captchas..
On Sun, 2007-03-18 at 20:58 +, forum wrote:
> Stupid question how do i edit page.
>
>
>
> Timo Sirainen wrote:
> > BTW. All you Kerberos people
Stupid question how do i edit page.
Timo Sirainen wrote:
BTW. All you Kerberos people, please add whatever is important in
Kerberos configuration to:
http://wiki.dovecot.org/Authentication/Kerberos
I've never used Kerberos, so what I wrote to that page was what I could
figure out from dovecot
BTW. All you Kerberos people, please add whatever is important in
Kerberos configuration to:
http://wiki.dovecot.org/Authentication/Kerberos
I've never used Kerberos, so what I wrote to that page was what I could
figure out from dovecot-example.conf and the source code.
I did do that and the only problem was that the /etc/hosts file was not
setup properly.
Thanks lads
David McBride wrote:
forum wrote:
Mar 18 01:34:31 bandicoot dovecot: auth(default):
gssapi(?,MYIPADDRESS): While acquiring service credentials: No
principal in keytab matches desired name
Y
forum wrote:
Mar 18 01:34:31 bandicoot dovecot: auth(default): gssapi(?,MYIPADDRESS):
While acquiring service credentials: No principal in keytab matches
desired name
You need to add an imap kerberos service principal to the server's keytab file.
Cheers,
David
--
David McBride <[EMAIL PROTEC
Hey all new to this crack
Ok so i have setup kerosene on my server i run mutt and it goes off and
gets kerberos key from server I have added the gssapi to config file but
when the key seems to want to authenticate off dovecot it fail anyone
help me?
Mutt is returning
No authentication avail