Hello,
I have a running setup with a dovecot imap4/pop3 proxy to a few dovecot backend
servers which actually store the mailboxes. This is running smoothly and allows
me to transparently distribute mailboxes.
I'm using some "extrafield" configured in the LDAP passdb.
However, now I would like to use GSSAPI (preferred) and NTLM for single sign-on.
Both are pretty straightforward to configure in a single instance environment,
but I don't know if they would work with proxy. For example, with GSSAPI
there are two cases:
1) Just use gssapi mechanism, without PAM. Then, if a user presents a ticket,
the passdb ldap is not used, so the extrafields are never read.
2) Use gssapi and PAM (thus allowing using a kerberos password). But the
extrafields feature isn't available with PAM passdb driver, so again the
proxy won't work.
The case for NTLM would fall into the first case, I think. Am I right regarding
this scenario? Is there a way I could make SSO and proxying work? I'm
currently using dovecot 2.0.16 (had to patch it to increment
LOGIN_MAX_INBUF_SIZE to 4096 for GSSAPI to work, as I read somewhere in this
list), but I could upgrade to a newer version if that allows all this to work.
Thanks!