Re: SASL binds

2016-01-22 Thread Brendan Kearney
On 01/02/2016 01:30 PM, Viktor Dukhovni wrote: how does one tell postfix/submission what principal to use, when in a load balanced environment and the keytab differs from the smtp/$(uname -n)@REALM formula? A single keytab file can contain keys for multiple principals. On the Postfix side the s

Re: SASL binds

2016-01-04 Thread brendan kearney
What are the merits of sssd for doing something like what kstart does? I have it running and working for other needs and I think it provides more than just kerberos token management. The caching offers fault tolerance and resiliency in the case of problems, as one example. brendan On Jan 4, 2016

Re: SASL binds

2016-01-04 Thread Quanah Gibson-Mount
--On Saturday, January 02, 2016 12:00 PM -0500 Brendan Kearney wrote: Viktor's script gets a Kerberos ticket every hour. it does not renew the existing ticket, it seems. my tickets are valid for 10 hours, and renewable for 1 week. getting a new ticket every hour is unnecessary. the idea o

Re: SASL binds

2016-01-02 Thread Stephen Ingram
On Sat, Jan 2, 2016 at 10:30 AM, Viktor Dukhovni wrote: > On Sat, Jan 02, 2016 at 12:00:23PM -0500, Brendan Kearney wrote: > > > Viktor's script gets a Kerberos ticket every hour. it does not renew > the > > existing ticket, it seems. my tickets are valid for 10 hours, and > renewable > > for

Re: SASL binds

2016-01-02 Thread Viktor Dukhovni
On Sat, Jan 02, 2016 at 12:00:23PM -0500, Brendan Kearney wrote: > the SPN would be smtp/host.domain.tld@REALM. That's what SMTP clients expect for an SMTP service at "host.domain.tld", in Kerberos realm "REALM". > how does one tell postfix/submission what principal to use, when in a load > bala

Re: SASL binds

2016-01-02 Thread Brendan Kearney
the SPN would be smtp/host.domain.tld@REALM. the primary is smtp the instance is the hostname of the machine, or if in a load balanced environment, the name of the Virtual IP (VIP) that the clients connect to. if you are load balancing, you create one keytab file, and distribute that same exa

Re: SASL binds

2016-01-02 Thread L . P . H . van Belle
never knew this, what is the SPN postfix/sasl needs? and a simple way to make the client work, set up a samba client, if set up correctly, samba will refresh the keytab file. if someone wants info on this, i can answer monday again. greetz, louis > Op 1 jan. 2016 om 21:17 heeft Viktor Dukhovni >

Re: SASL binds

2016-01-01 Thread Wietse Venema
Brendan Kearney: > i am looking to get SASL binds working in Postfix for user, group and > alias lookups, and i am not sure what i might be doing wrong. > > Postfix version - 3.0.3 running on Fedora 22. MIT Kerberos and OpenLDAP > are being used. There aren't a lot of Kerberos-experienced peop

Re: SASL binds

2016-01-01 Thread Viktor Dukhovni
On Fri, Jan 01, 2016 at 02:46:33PM -0500, Brendan Kearney wrote: > Postfix version - 3.0.3 running on Fedora 22. MIT Kerberos and OpenLDAP are > being used. > > my ldap-users.cf file, for example: > server_host = ldap://server1.bpk2.com ldap://server2.bpk2.com > search_base = dc=bpk2,dc=com > ve