[pfx] Postfix SMTP Client with GSSAPI authentication

2025-03-02 Thread michael-dev via Postfix-users
Hi, I want to set up Postfix for authentication with a relay host using GSSAPI. I'm using the configuration proposed in https://www.mail-archive.com/postfix-users@postfix.org/msg29041.html but am now looking into using KRB5_CLIENT_KTNAME instead of KRB5CCNAME, as this would enable me of usi

[pfx] Re: Postfix SMTP Client with GSSAPI authentication

2025-03-01 Thread Viktor Dukhovni via Postfix-users
On Sat, Mar 01, 2025 at 08:28:08AM +0100, michael-dev via Postfix-users wrote: > I want to set up Postfix for authentication with a relay host using GSSAPI. > > I'm using the configuration proposed in > https://www.mail-archive.com/postfix-users@postfix.org/msg29041.html but am > now looking into

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-04 Thread Sam R
Ok, Thank you for these useful clarifications Samuel On Mon, Oct 4, 2021 at 17:27, Viktor Dukhovni wrote: > On Mon, Oct 04, 2021 at 04:34:39PM +0200, Sam R wrote: > > > Now it's working fine! > > > > I finally succeeded. I worked around by increasing only the value of the > > line_length_limi

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-04 Thread Viktor Dukhovni
On Mon, Oct 04, 2021 at 04:34:39PM +0200, Sam R wrote: > Now it's working fine! > > I finally succeeded. I worked around by increasing only the value of the > line_length_limit option to 12288 ( same value as the default for > smtpd_sasl_response_limit ) That's the right thing to do when the cl

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-04 Thread Sam R
Now it's working fine! I finally succeeded. I worked around by increasing only the value of the line_length_limit option to 12288 ( same value as the default for smtpd_sasl_response_limit ) And create a specific keytab file containing the SPN ( /etc/postfix/smtp.keytab ) But I haven't thought ab

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-04 Thread Sam R
Good morning Viktor, Thank you for all this information, I will do the necessary for the keytabs right away. Concerning the clients, it is Thunderbird under Windows 10, the AD server being Samba4. I will try to see why the Kerberos ticket is so long. I don't think the problem is with Thunderbird b

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-01 Thread Viktor Dukhovni
On Fri, Oct 01, 2021 at 12:47:29PM -0400, Viktor Dukhovni wrote: > > -- basics -- > > Postfix: 3.5.6 > > Since you're using Postfix 3.5, which by default supports long SASL > messages after the initial response, your client is in violation of the > SMTP SASL specification, and needs to have a bug

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-01 Thread Viktor Dukhovni
On Fri, Oct 01, 2021 at 04:17:03PM +0200, Sam R wrote: > I added two keytab in /etc/krb5.keytab There's your problem, the /etc/krb5.keytab file, given services like SSH with GSSAPI authentication, contains secrets sufficient to login to the host as any user, possibly including root.

Re: Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-01 Thread Emmanuel Fusté
N to GSSAPI ( in /etc/postfix/sasl/smtpd.conf ) it doesn't work. . on another server I just tested Thunderbird for GSSAPI authentication against GSSAPI Dovecot imap service and it works. As you are already familiar with the GSSAPI SASL Dovecot provider, why did you not try to use it with

Fwd: Issue with Postfix and GSSAPI Authentication

2021-10-01 Thread Sam R
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Success) Oct 1 10:58:35 smtptest postfix/submission/smtpd[61932]: warning: unknown[192.168.128.253]: SASL GSSAPI authentication failed: authentication failure Oct 1 10:58:35 smtptest postfix/submission/smtpd[6193

Re: GSSAPI authentication

2012-07-03 Thread Stephen Ingram
On Tue, Jul 3, 2012 at 12:29 PM, Viktor Dukhovni wrote: > On Tue, Jul 03, 2012 at 03:20:44PM -0400, Wietse Venema wrote: > >> > I thought this was working for me, but only due to a manual keytab I >> > had setup as user postfix (default /tmp/krb5cc_89) for testing. For >> > some reason postfix is

Re: GSSAPI authentication

2012-07-03 Thread Wietse Venema
Viktor Dukhovni: > On Tue, Jul 03, 2012 at 03:20:44PM -0400, Wietse Venema wrote: > > > > I thought this was working for me, but only due to a manual keytab I > > > had setup as user postfix (default /tmp/krb5cc_89) for testing. For > > > some reason postfix is not importing the two kerberos varia

Re: GSSAPI authentication

2012-07-03 Thread Viktor Dukhovni
On Tue, Jul 03, 2012 at 03:20:44PM -0400, Wietse Venema wrote: > > I thought this was working for me, but only due to a manual keytab I > > had setup as user postfix (default /tmp/krb5cc_89) for testing. For > > some reason postfix is not importing the two kerberos variables. > > postconf only rep

Re: GSSAPI authentication

2012-07-03 Thread Wietse Venema
Stephen Ingram: > On Fri, Apr 6, 2012 at 10:15 AM, Viktor Dukhovni > wrote: > > ...snip... > > > > > The cron solution is much simpler and more robust. There is no > > supervisor process running, no need for the child to not exit, no > > need to instrument postfix start-up by wrapping in kstart,

Re: GSSAPI authentication

2012-07-03 Thread Stephen Ingram
On Fri, Apr 6, 2012 at 10:15 AM, Viktor Dukhovni wrote: ...snip... > > The cron solution is much simpler and more robust. There is no > supervisor process running, no need for the child to not exit, no > need to instrument postfix start-up by wrapping in kstart, ... > > Instead, there is a crede

Re: GSSAPI authentication

2012-04-06 Thread Viktor Dukhovni
On Fri, Apr 06, 2012 at 10:24:23AM -0700, Quanah Gibson-Mount wrote: > >The cron solution is much simpler and more robust. There is no > >supervisor process running, no need for the child to not exit, no > >need to instrument postfix start-up by wrapping in kstart, ... > > > >Instead, there is a c

Re: GSSAPI authentication

2012-04-06 Thread Quanah Gibson-Mount
--On Friday, April 06, 2012 5:15 PM + Viktor Dukhovni wrote: On Fri, Apr 06, 2012 at 04:47:37PM +0300, Eray Aslan wrote: On 2012-04-06 2:12 AM, Viktor Dukhovni wrote: > The basic idea is to > ensure that there is always a ticket in the client's credential > cache. This is done via a cron

Re: GSSAPI authentication

2012-04-06 Thread Viktor Dukhovni
On Fri, Apr 06, 2012 at 04:47:37PM +0300, Eray Aslan wrote: > On 2012-04-06 2:12 AM, Viktor Dukhovni wrote: > > The basic idea is to > > ensure that there is always a ticket in the client's credential > > cache. This is done via a cron-job that runs "kinit -k ..." once > > an hour. > > kstart/kre

Re: GSSAPI authentication

2012-04-06 Thread Wietse Venema
Eray Aslan: > On 2012-04-06 2:12 AM, Viktor Dukhovni wrote: > > The basic idea is to > > ensure that there is always a ticket in the client's credential > > cache. This is done via a cron-job that runs "kinit -k ..." once > > an hour. > > kstart/krenew should be able to do the work as well. Is th

Re: GSSAPI authentication

2012-04-06 Thread Eray Aslan
On 2012-04-06 2:12 AM, Viktor Dukhovni wrote: > The basic idea is to > ensure that there is always a ticket in the client's credential > cache. This is done via a cron-job that runs "kinit -k ..." once > an hour. kstart/krenew should be able to do the work as well. Is there any particular reason

Re: GSSAPI authentication

2012-04-05 Thread Viktor Dukhovni
On Thu, Apr 05, 2012 at 02:40:16PM -0700, Stephen Ingram wrote: > Reading through some very old posts on the list it seems as though, > although not very popular, it is possible to perform authentication in > Postfix using GSSAPI. Setting up the keytab for the smtpd server seems > straightforward

Re: GSSAPI authentication

2012-04-05 Thread Wietse Venema
Stephen Ingram: > Reading through some very old posts on the list it seems as though, > although not very popular, it is possible to perform authentication in > Postfix using GSSAPI. Setting up the keytab for the smtpd server seems > straightforward enough, however, I'm unsure what to do when it co

GSSAPI authentication

2012-04-05 Thread Stephen Ingram
Reading through some very old posts on the list it seems as though, although not very popular, it is possible to perform authentication in Postfix using GSSAPI. Setting up the keytab for the smtpd server seems straightforward enough, however, I'm unsure what to do when it comes to the smtp or lmtp

Re: GSSAPI Authentication

2009-12-14 Thread Dennis Putnam
Hi Viktor, On Dec 14, 2009, at 2:10 PM, Victor Duchovni wrote: On Mon, Dec 14, 2009 at 01:55:07PM -0500, Dennis Putnam wrote: You are correct, it was indeed SMTP. Which "SMTP"? The server "smtpd" (as I surmised) or the client "smtp"? Sorry. Server. I thought about that but I can't find any references to

Re: GSSAPI Authentication

2009-12-14 Thread Victor Duchovni
On Mon, Dec 14, 2009 at 01:55:07PM -0500, Dennis Putnam wrote: > You are correct, it was indeed SMTP. Which "SMTP"? The server "smtpd" (as I surmised) or the client "smtp"? > I thought about that but I can't find any references to it in the > Postfix documentation. Postfix does not implement SAS

Re: GSSAPI Authentication

2009-12-14 Thread Dennis Putnam
;t see where to specify a path for it. Thanks. On Dec 14, 2009, at 1:17 PM, Victor Duchovni wrote: On Mon, Dec 14, 2009 at 08:54:32AM -0500, Dennis Putnam wrote: I am trying to upgrade to Postfix 2.5.5 and am having a problem with GSSAPI authentication. When I try to send mail, I get this error in the lo

Re: GSSAPI Authentication

2009-12-14 Thread Victor Duchovni
On Mon, Dec 14, 2009 at 08:54:32AM -0500, Dennis Putnam wrote: > I am trying to upgrade to Postfix 2.5.5 and am having a problem with GSSAPI > authentication. When I try to send mail, I get this error in the log: > > warning: SASL authentication failure: GSSAPI Error: Unspecified

GSSAPI Authentication

2009-12-14 Thread Dennis Putnam
I am trying to upgrade to Postfix 2.5.5 and am having a problem with GSSAPI authentication. When I try to send mail, I get this error in the log: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key table entry not found