I don't know if there are any howtos on the net, but I had it configured
and working, so I will give you some little tips.
I tested this configuration on Fedora Core 3 and SuSE Prof. 9.2, with
dovecot 0.99.
- Create a Linux user named "vmail" or similar (all virtual mailboxes
will be in a dir. under this user's home or under a directory owned by
this user).
- Postfix side: you must use virtual mailbox delivery (one Linux user
"vmail", multiple virtual mailboxes), see the Postfix distribution
readme files (README_VIRTUAL if I remember well).
- Dovecot side: use pam as password database and use static as user
database (with same uid and gid as Postfix virtual mailbox user).
- Pam side: in /etc/pam.d add/modify a "dovecot" file containing:
    auth     required  pam_krb5.so no_user_check
    account  required  pam_permit.so
- Last: you must verify that you have installed Kerberos 5 clients and
libraries, then edit your /etc/krb5.conf like this (CASE SENSITIVE!):
    [libdefaults]
        clockskew = 300
        default_realm = YOUR.AD.DOMAIN
        # default_etypes = des-cbc-crc
        # default_etypes_des = des-cbc-crc
        # dns_lookup_realm = false
        # dns_lookup_kdc = false

    [realms]
        # The stanza name is the realm name: upper case, same as default_realm
        YOUR.AD.DOMAIN = {
            kdc = your_dc_server.your.ad.domain
            default_domain = YOUR.AD.DOMAIN
            kpasswd_server = your_dc_server.your.ad.domain
        }

    [domain_realm]
        # Maps the DNS domain (lower case) to the Kerberos realm (upper case)
        .your.ad.domain = YOUR.AD.DOMAIN

    [logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

    [appdefaults]
        # Settings read by pam_krb5
        pam = {
            ticket_lifetime = 1d
            renew_lifetime = 1d
            forwardable = true
            proxiable = false
            retain_after_close = false
            minimum_uid = 0
            debug = false
        }
You can test Kerberos authentication with the command "kinit
username@YOUR.AD.DOMAIN"
Good luck!
--
___________________________________________________________________
Ing. PAOLO BASENGHI :::: Systems & Networking Engineer
p.basenghi at netribe.it
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it
Askar wrote:
> hi list,
>
>
> I'm just curious if someone has successfully done dovecot
> authentication of Active directory and I will appreciate any link in
> this regard
>
>
>
> Thanks
>
> Askar
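
An added example, not part of the original message: a small consistency check for the krb5.conf layout described in the reply above. Kerberos realm names are case sensitive, so the stanza name under [realms] has to match default_realm exactly or its kdc line is not used for that realm. The function names and the sample file are assumptions made for this illustration.

```python
import re

# Constructed sample: [realms] stanza name is lower case, default_realm is upper case.
SAMPLE = """\
[libdefaults]
  default_realm = YOUR.AD.DOMAIN
[realms]
  your.ad.domain = {
    kdc = your_dc_server.your.ad.domain
  }
[domain_realm]
  .your.ad.domain = YOUR.AD.DOMAIN
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}, {dns_domain: realm})."""
    section = realm = default_realm = None
    realms, domain_realm = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif line == "}":
            realm = None
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value == "{":
                realm, realms[key] = key, []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
            elif section == "domain_realm":
                domain_realm[key] = value
    return default_realm, realms, domain_realm

def check_krb5(text):
    """Return a list of consistency problems; names here are hypothetical."""
    default_realm, realms, domain_realm = parse_krb5(text)
    problems = []
    if default_realm not in realms:
        near = [r for r in realms if r.lower() == str(default_realm).lower()]
        hint = f"; found '{near[0]}' with different case" if near else ""
        problems.append(f"default_realm {default_realm} has no [realms] stanza{hint}")
    problems += [f"realm {r} lists no kdc" for r, k in realms.items() if not k]
    problems += [f"[domain_realm] {d} -> {r}: realm not defined"
                 for d, r in domain_realm.items() if r not in realms]
    return problems
```

Call check_krb5(open("/etc/krb5.conf").read()) before testing with kinit; an empty list means the realm names line up.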