search for: auth_krb5_keytab

Hi list, i noticed that when doing imap gssapi authentication with kerberos, dovecot (here 2.1.7) always searches /etc/krb5.keytab although i have auth_krb5_keytab = /etc/mail3.krb5.keytab in my etc/dovecot/dovecot.conf and doveconf -n also show this setting. If i combine the keytabs in krb5.keytab it works. Is there another location where i should put my configuration regarding gssapi/kerberos ? Thanks, Leon logs: 18:48_root at mail3:/root# cat /var/log/do...

Hello, i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the logs: dovecot: Aug 02 18:56:54 Error: auth(default): gssapi(?,130.149.58.145): While processing incoming data: Miscellaneous failure (see text) dovecot: Aug 02 18:56:54 Error: auth(default): gssapi(?,130.149.58.145): While processing incoming data:

Greetings, i am using here FreeBSD 7.0-RELEASE amd64 with dovecot 1.0.13. Gssapi auth on our dovecot setup did not work for some time, so i wanted to fix it today. I run into an auth failure, where my mutt was not able to login. Also mutt was not able to login, i had a imap/mail2.physik-pool.tu-berlin.de principal in my credentials cache after an try. I can work around with a "ln -s

...ge https://wiki.dovecot.org/Authentication/Kerberos and considering the sentence that states [...]The Kerberos authentication mechanism doesn't require having a passdb, but you do need a userdb[...] I produced a configuration file that looked like this > auth_gssapi_hostname = $ALL > auth_krb5_keytab = /etc/dovecot/dovecot.keytab > auth_mechanisms = gssapi > auth_username_format = %u > mail_location = > maildir:~/Maildir:INDEX=/var/lib/dovecot/%d/%n:CONTROL=/var/lib/dovecot/%d/%n:UTF-8 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject e...

...b file ktutil addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e arcfour-hmac addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e arcfour-hmac wkt /etc/dovecot/dovecot.keytab 4. Add this to your dovecot config # Kerberos auth_gssapi_hostname = "$ALL" auth_krb5_keytab = /etc/dovecot/dovecot.keytab Hope it helps, achim~

...Jun 27 00:04:54 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.99, lip=98.102.63.107, session=<Zk1rnzo2IADAqABj> > > So, any idea why this is not working? I'll say up-front that I do not have the auth_krb5_keytab > configured in 10-auth.conf. I could find no such file on the host running Dovecot. Is that file > needed? If so, I've got a message in to the Samba4 folks asking where it is located. > > I'm also using Dovecot 2.2.15. Too old? > > Do you think auth_krb5_keytab is my prob...

...dovecot: auth: Error: LDAP: binding failed (dn smtp/mailhost.example.org at EXAMPLE.ORG): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_97' not found) Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" setup for the GSSAPI user login. The credential cache should be that file should it not? If not, how do I go about setting that up so that it will work. Thank you, Trever -- "The only true happiness comes from squandering ourselves for a purpose." -- Wi...

...u can remove the krb4_ stuff I've remove krb4_ stuff from the [libdefaults] and eliminated the [login] section altogether. Question on [realms]Administrator: should that really be root or should it be my AD Administrator? my doveconf -n is exactly the same as posted below, but in particular: auth_krb5_keytab = /etc/krb5.keytab auth_mechanisms = plain login gssapi When I reloaded dovecot no mail was delivered to anyone (even though everyone was still using plain/ssl, no one yet configured for gssapi). In /var/log/maillog I got (repeatedly): Jun 28 09:43:36 mail dovecot: imap-login: Warning: Auth proc...

...ly the two keys you just added are required to get kerberos working. The system keytab you generated with samba-tool domain exportkeytab is not required. > > >> 4. Add this to your dovecot config >> >> # Kerberos >> auth_gssapi_hostname = "$ALL" >> auth_krb5_keytab = /etc/dovecot/dovecot.keytab > Did that. In addition, I set the keytab file's group to dovecot and made the file group > readable, as suggested by http://wiki2.dovecot.org/Authentication/Kerberos. I also tried > making it world readable. Now, after doing all that and restarting dov...

...;wtk". Type '?' for a request list." In looking at the "?" list I saw 'wkt', so I assumed you simply transposed the letters. I tried it and it took. > 4. Add this to your dovecot config > > # Kerberos > auth_gssapi_hostname = "$ALL" > auth_krb5_keytab = /etc/dovecot/dovecot.keytab Did that. In addition, I set the keytab file's group to dovecot and made the file group readable, as suggested by http://wiki2.dovecot.org/Authentication/Kerberos. I also tried making it world readable. Now, after doing all that and restarting dovecot I still g...

Hi Ranbir I've worked with freeIPA a little, but without your doveconf or some other context information, it is difficult to identify the issue. Regards, Manuel Delgado ----------------------------------------------------------- *Usuario Linux* *#520940 <http://counter.li.org/>* Mag. Computaci?n e Inform?tica Universidad de Costa Rica Centro de Inform?tica On Mon, Sep 7, 2015 at

...longer in /etc/passwd/shadow. So, what is the best way to get the iPhone to authenticate? Here's my current config: > doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 4.4.88 x86_64 Slackware 14.2 auth_debug = yes auth_debug_passwords = yes auth_gssapi_hostname = $ALL auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain login gssapi auth_use_winbind = yes auth_username_format = %n auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } prot...

...s -0 chmod 2770 find /var/vmail/public -type f -print0 | xargs -0 chmod 660 But i had no success. Any Ideas how to get it running? Here is my dovecot -n output # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-58-generic x86_64 Ubuntu 12.04.4 LTS ext4 auth_gssapi_hostname = mailand.sxps.int auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = gssapi plain first_valid_gid = 116 first_valid_uid = 108 log_timestamp = "%Y-%m-%d %H:%M:%S " mail_gid = 116 mail_home = /var/vmail/sieve/%d/%u mail_location = maildir:/var/vmail/%$ mail_uid = 108 managesieve_notify_capability = mailto manag...

Hi all, I have no idea about that message, here is my configuration, what's wrong? Debian testing, Dovecot 2.0.15 $ doveconf -n # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid auth_default_realm = corp.example.com auth_krb5_keytab = /etc/dovecot.keytab auth_master_user_separator = * auth_mechanisms = gssapi digest-md5 auth_realms = corp.example.com auth_username_format = %n first_valid_gid = 1000 first_valid_uid = 1000 mail_location = mdbox:/srv/mail/%u/Mail managesieve_notify_capability = mailto managesieve_sieve_capability...

...) DOVECOT SETTINGS: Of crucial importance is to buld dovecot with GSSAPI! That is NOT one of the default settings. In the build directory: ./configure --with-gssapi=yes Otherwise, settings are pretty simple. Add the following 3 settings to 10-auth.conf: auth_gssapi_hostname = "$ALL" auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain login gssapi The auth_gssapi_hostname is supposedly not required according to dovecotList comments, but my 10-auth.conf template implies differently, so it can't hurt. I couldn't get any of this working until I rebooted the Samba AD/DC...

...om 'doveconf -n' from both hosts for reference :: mail1 :: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) auth_cache_size = 5 M auth_debug = yes auth_default_realm = example.com auth_gssapi_hostname = mail.example.com auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain gssapi auth_realms = example.com auth_verbose = yes doveadm_password = <secret> lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " fts fts_lucene notify quota replication virtual zlib...

...o get kerberos working. > The system keytab you generated with samba-tool domain exportkeytab is > not required. > > > > > >> 4. Add this to your dovecot config > >> > >> # Kerberos > >> auth_gssapi_hostname = "$ALL" > >> auth_krb5_keytab = /etc/dovecot/dovecot.keytab > > Did that. In addition, I set the keytab file's group to dovecot and made the file group > > readable, as suggested by http://wiki2.dovecot.org/Authentication/Kerberos. I also tried > > making it world readable. Now, after doing all that and...

..._ stuff from the [libdefaults] and eliminated the [login] section altogether. > > Question on [realms]Administrator: should that really be root or should it be my AD Administrator? > > > > my doveconf -n is exactly the same as posted below, but in particular: > > > > auth_krb5_keytab = /etc/krb5.keytab > > auth_mechanisms = plain login gssapi > > > > When I reloaded dovecot no mail was delivered to anyone (even though everyone was still using > > plain/ssl, no one yet configured for gssapi). > > > > In /var/log/maillog I got (repeatedly): &...

...> The system keytab you generated with samba-tool domain exportkeytab is >> not required. >>> >>> >>>> 4. Add this to your dovecot config >>>> >>>> # Kerberos >>>> auth_gssapi_hostname = "$ALL" >>>> auth_krb5_keytab = /etc/dovecot/dovecot.keytab >>> Did that. In addition, I set the keytab file's group to dovecot and made the file group >>> readable, as suggested by http://wiki2.dovecot.org/Authentication/Kerberos. I also tried >>> making it world readable. Now, after doing all...

...not in the Spam folder where they should be?? /var/vmail/domain/user/Maildir/.Spam/cur/ *?dovecot -n* # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 4.4.0-104-generic x86_64 Ubuntu 16.04.3 LTS ext4 auth_gssapi_hostname = mailserver.belpol.local auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = gssapi plain first_valid_gid = 117 first_valid_uid = 111 listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " mail_gid = ebox mail_home = /var/vmail/%d/%u mail_location = maildir:/var/vmail/%d/%u/Maildir mail_uid = ebox managesieve_notify_capabil...