Hi List, Is anyone is running Dovecot with Kerberos and tried to authenticate user from different REALM and have same user principal with default domain. Currently Dovecot only logs user principal w/o REALM. So before I go in production maybe somebody already run into this using Dovecot? If not I just create virtual machines and see how it behaves.
On Tue, 2009-12-15 at 14:37 +0300, Nikolay Shopik wrote:> Is anyone is running Dovecot with Kerberos and tried to authenticate > user from different REALM and have same user principal with default > domain. Currently Dovecot only logs user principal w/o REALM. So before > I go in production maybe somebody already run into this using Dovecot? > If not I just create virtual machines and see how it behaves.I don't know much about Kerberos, but in v1.2 there are several changes to cross-realm auth that should make it work better. Are you using v1.2? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20091215/15a2ac5e/attachment-0002.bin>
On 15.12.2009 21:58, Timo Sirainen wrote:> On Tue, 2009-12-15 at 14:37 +0300, Nikolay Shopik wrote: >> Is anyone is running Dovecot with Kerberos and tried to authenticate >> user from different REALM and have same user principal with default >> domain. Currently Dovecot only logs user principal w/o REALM. So before >> I go in production maybe somebody already run into this using Dovecot? >> If not I just create virtual machines and see how it behaves. > > I don't know much about Kerberos, but in v1.2 there are several changes > to cross-realm auth that should make it work better. Are you using v1.2? >Hello Timo, For now I'm on 1.0.15 but plan migrate to 1.2.8 very soon. I believe you are talking about auth_default_realm, auth_realms parameters in dovecot.conf?