Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-25 Thread Viktor Dukhovni
On Thu, Apr 25, 2013 at 02:39:28PM -0700, Matthew Larsen wrote:
> The gist of it is
>
> S: 220 mail.exch01.com ...
> C: EHLO NETBIOSName
> S: 250-mail.exch01.com Hello [ip.addr.of.client] | 250- ... several
> items including AUTH GSSAPI NTLM LOGIN among others
> C: AUTH gssapi ...long string

Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-25 Thread Matthew Larsen
On 4/25/2013 1:02 PM, Viktor Dukhovni wrote: What evidence do you have that the server is "doing" GSSAPI? It seems likely you're mistaken. Simply listing GSSAPI as a supported SASL AUTH mechanism is not "doing" GSSAPI, the client would actually have to use GSSAPI. It is quite possible your clie

Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-25 Thread Viktor Dukhovni
On Thu, Apr 25, 2013 at 12:27:59PM -0700, Matthew Larsen wrote:
> >
> >If you want to use SASL/GSSAPI, the clients have to be able to get
> >a TGT from the KDC.
> >
>
> The reason I've been looking at configuring the SASL/GSSAPI
> mechanism is that's what I see the current Exchange server

Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-25 Thread Matthew Larsen
On 4/25/2013 12:41 PM, Quanah Gibson-Mount wrote: --On Thursday, April 25, 2013 12:27 PM -0700 Matthew Larsen wrote: If you want to use SASL/GSSAPI, the clients have to be able to get a TGT from the KDC. The reason I've been looking at configuring the SASL/GSSAPI mechanism is that's what I

Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-25 Thread Quanah Gibson-Mount
--On Thursday, April 25, 2013 12:27 PM -0700 Matthew Larsen wrote: If you want to use SASL/GSSAPI, the clients have to be able to get a TGT from the KDC. The reason I've been looking at configuring the SASL/GSSAPI mechanism is that's what I see the current Exchange server doing.  I'm hoping

Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-25 Thread Matthew Larsen
On Wed, Apr 24, 2013 at 5:57 PM, Quanah Gibson-Mount wrote: If you replaced Exchange 2003 with Zimbra, and set up external auth to your AD server, then it would use the custom zimbra authentication method for cyrus-sasl to auth your clients against AD.

Re: GSSAPI SMTPD Authentication and MS Active Directory

2013-04-24 Thread Quanah Gibson-Mount
--On Wednesday, April 24, 2013 5:35 PM -0700 Matthew Larsen wrote: I'm working on a project to replace an Exchange 2003 server that is only still around these days because we have lots of SMTP clients around the country that use it as an SMTP relay.  It only relays messages for clients authe

GSSAPI SMTPD Authentication and MS Active Directory

2013-04-24 Thread Matthew Larsen
I'm working on a project to replace an Exchange 2003 server that is only still around these days because we have lots of SMTP clients around the country that use it as an SMTP relay. It only relays messages for clients authenticated by our Active Directory domain. Members of a group in the parent