Re: [Dovecot] LDAP and GSSAPI problems

2011-02-25 Thread Trever L. Adams
On 02/09/2011 04:17 PM, Timo Sirainen wrote:
> On Sat, 2011-02-05 at 20:49 -0700, Trever L. Adams wrote:
>> Timo, is it possible for you to add that "import_environment
>> =KRB5_KTNAME=/etc/dovecot/krb5.keytab KRB5CCNAME =/etc/dovecot/krb5.cc"
> So you've tried that doing this via auth.sh script th

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-25 Thread Trever L. Adams
On 02/05/2011 09:40 PM, Jason Gunthorpe wrote:
> On Sat, Feb 05, 2011 at 08:49:21PM -0700, Trever L. Adams wrote:
>
>>> Isn't it called KRB5CCNAME?
>> Yes. Some things (Amanda, at least from the directions, I haven't done
>> it yet) actually still use service principals which are KRB5_KTNAME. For
>

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-09 Thread Trever L. Adams
:00 Subject: Re: [Dovecot] LDAP and GSSAPI problems

On Thu, 2011-02-10 at 01:17 +0200, Timo Sirainen wrote:
> (does this really need to be set over and over or can the master process
> set it and have the environment inherited... it has been a long time
> since I did any coding related

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-09 Thread Timo Sirainen
On Thu, 2011-02-10 at 01:17 +0200, Timo Sirainen wrote:
> > (does this really need to be set over and over or can the master process
> > set it and have the environment inherited... it has been a long time
> > since I did any coding related to environment variables across forks,
> > etc.)?
> > En

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-09 Thread Timo Sirainen
On Sat, 2011-02-05 at 20:49 -0700, Trever L. Adams wrote:
>
> Timo, is it possible for you to add that "import_environment
> =KRB5_KTNAME=/etc/dovecot/krb5.keytab KRB5CCNAME =/etc/dovecot/krb5.cc"

So you've tried that doing this via auth.sh script that sets those before calling dovecot/auth works

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-05 Thread Jason Gunthorpe
On Sat, Feb 05, 2011 at 08:49:21PM -0700, Trever L. Adams wrote:
> >> It appears that the script you recommended doesn't do the trick. Does
> >> /usr/libexec/dovecot/auth clear the environment. Even doing it manually
> >> from the command line the openldap stuff doesn't seem to pick up the
> >> KR

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-05 Thread Trever L. Adams
On 02/05/2011 06:35 PM, Jason Gunthorpe wrote:
> On Fri, Feb 04, 2011 at 12:57:11PM -0700, Trever L. Adams wrote:
>> On 02/02/2011 04:17 PM, Timo Sirainen wrote:
>>> It does set that, but only on first GSSAPI authentication. I guess it
>>> wouldn't hurt moving it to do it always. If that script hel

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-05 Thread Jason Gunthorpe
On Fri, Feb 04, 2011 at 12:57:11PM -0700, Trever L. Adams wrote:
> On 02/02/2011 04:17 PM, Timo Sirainen wrote:
> >
> > It does set that, but only on first GSSAPI authentication. I guess it
> > wouldn't hurt moving it to do it always. If that script helps you, I can
> > do this change.
> It appears

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-04 Thread Trever L. Adams
On 02/02/2011 04:17 PM, Timo Sirainen wrote:
>
> It does set that, but only on first GSSAPI authentication. I guess it
> wouldn't hurt moving it to do it always. If that script helps you, I can
> do this change.

It appears that the script you recommended doesn't do the trick. Does /usr/libexec/dove

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-02 Thread Jason Gunthorpe
On Thu, Feb 03, 2011 at 01:17:02AM +0200, Timo Sirainen wrote:
> > Postfix (the other half of my solution -- though the version I am using
> > doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the
> > configuration, to set what environment variables it should not unset and
> > even define ne

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-02 Thread Timo Sirainen
On Wed, 2011-02-02 at 16:13 -0700, Trever L. Adams wrote:
> > #!/bin/sh
> > export KRB5_KTNAME=/etc/dovecot/krb5.keytab
> > exec /usr/local/libexec/dovecot/auth -k
> I thought I saw a patch on the mailing list in 2007 that set KRB5_KTNAME
> if auth_krb5_keytab was set in the configuration. I guess

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-02 Thread Trever L. Adams
On 02/02/2011 02:38 PM, Timo Sirainen wrote:
> On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:
>> dn = smtp/mailhost.example@example.org
>> sasl_bind = yes
>> sasl_mech = GSSAPI
>> sasl_realm = EXAMPLE.ORG
>> sasl_authz_id = smtp/mailhost.example@example.org
> LDAP SASL authentica

Re: [Dovecot] LDAP and GSSAPI problems

2011-02-02 Thread Timo Sirainen
On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:
> dn = smtp/mailhost.example@example.org
> sasl_bind = yes
> sasl_mech = GSSAPI
> sasl_realm = EXAMPLE.ORG
> sasl_authz_id = smtp/mailhost.example@example.org

LDAP SASL authentication goes through Cyrus SASL library, nothing Doveco

[Dovecot] LDAP and GSSAPI problems

2011-02-02 Thread Trever L. Adams
This is a continuation of a problem I have been having. Samba 4 has recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds. I have the following in my dovecot-ldap setup for userdb: dn = smtp/ma