Displaying 20 results from an estimated 10000 matches similar to: "How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]"
2016 Jul 04
3
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
> To: samba at lists.samba.org
> From: Achim Gottinger <achim at ag-web.biz>
> Date: Mon, 4 Jul 2016 09:29:02 +0200
> Subject: Re: [Samba] How to GSSAPI/Kerberos authenticate with Dovecot
>
> Am 04.07.2016 um 01:34 schrieb Mark Foley:
> > After a nearly 2-year struggle to get Dovecot to do either NTLM or GSSAPI authentication with
> > Samba4 AD/DC, I believe
2016 Jul 01
1
Where is krb5.keytab or equivalent?
Am 01.07.2016 um 23:52 schrieb Achim Gottinger:
> Here is an simpler way to create an user with the imap principal and
> the dovecot keymap
>
> ~# samba-tool user create dovecot
> [Assign password]
> ~# samba-tool spn add imap/server.domain.local dovecot
> ~# samba-tool domain exportkeytab --principal dovecot at DOMAIN.LOCAL
> dovecot.keytab
If above line is replaced by
2016 Jul 01
5
Where is krb5.keytab or equivalent?
I'm sure it will not work till you get that module build. :-)
Am 01.07.2016 um 20:53 schrieb Mark Foley:
> On Fri, 1 Jul 2016 11:55:20 +0200 Achim Gottinger <achim at ag-web.biz> wrote:
>
>> Do you have /usr/lib/dovecot/modules/auth/libmech_gssapi.so? Maybe at an
>> different location. On debian this comes with the dovecot-gssapi package.
> That module is nowhere
2016 Jun 30
3
Where is krb5.keytab or equivalent?
Am 30.06.2016 um 23:16 schrieb Mark Foley:
> Achim, thanks a lot! A couple of questions on your suggested settings:
>
>> 1. Create an user
>> samba-tool create user dovcot
> I did this (actually `samba-tool user create dovecot`), but it asked for a password. I
> entered one. You didn't mention that, so I hope it's OK.
Yes
>
>
>> 2. Add the spn
2016 Jun 30
2
Where is krb5.keytab or equivalent?
Did a few test here "auth_gssapi_hostname = "$ALL"" is no longer
required with dovecot (2.2.13 here).
Add "auth_debug=yes" to your dovecor config.
192.168.100.1 is my clients ip 192.168.100.101 is the servers
ag is the domain account username I use to login to windows and also the
username configured in thunderbird.
On my debian system an package named
2016 Jul 01
3
Where is krb5.keytab or equivalent?
More info ...
when I do
MAIL=imap://mark at mail.ohprs.org/ mutt
(using the domain of the registered certificate). I do not get the message "Certificate host
check failed: certificate owner does not match hosthame ..."
I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept
always" action at the bottom. If I "accept (o)nce",
2016 Jul 14
3
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
> To: samba at lists.samba.org
> From: Rowland penny <rpenny at samba.org>
> Date: Mon, 4 Jul 2016 21:43:46 +0100
> Subject: Re: [Samba] How to GSSAPI/Kerberos authenticate with Dovecot
> [formerly Where is krb5.keytab or equivalent?]
>
> On 04/07/16 21:21, Mark Foley wrote:
> >> To: samba at lists.samba.org
> >> From: Achim Gottinger <achim at
2016 Jul 04
1
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
On Mon, 4 Jul 2016 08:18:11 +0100 Rowland penny <rpenny at samba.org> wrote:
> The problem is that Samba doesn't recommend using the DC as a fileserver
> etc This is why it isn't mentioned,
Well, I don't see that the DC is being used as an actual file server simply by hosting an email
server. There is no share defined in smb.conf to accomodate this. Furthermore, I
2016 Jun 30
2
Where is krb5.keytab or equivalent?
Am 30.06.2016 um 10:45 schrieb Mark Foley:
> To revisit my problem: I have Dovecot running on the same host as Samba4 AD/DC. I've set
> Thunderbird to authenticate with GSSAPI on a domain workstation. I have an /etc/krb5.keytab
> file as required by Dovecot. I've also downloaded and installed Kerberos for access to
> the k* commands (ktutil, kinit, klist, ...).
>
> In my
2016 Jul 04
2
Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
After a over a year and a half struggling to get Dovecot to do either NTLM or GSSAPI
authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to all those in this
list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey especially Aki Tuomi;
and infinite thanks to Achim Gottinger on the SambaList for his patience in working this
through with me. Although my
2016 Jul 04
0
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
Am 04.07.2016 um 01:34 schrieb Mark Foley:
> After a nearly 2-year struggle to get Dovecot to do either NTLM or GSSAPI authentication with
> Samba4 AD/DC, I believe I've finally got it! Infinite thanks to Achim Gottinger for his
> patience in working this through with me. Although my purpose was for Dovecot to authenticate
> mail clients, the configuration settings needed were on
2016 Jul 04
0
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
On 04/07/16 00:34, Mark Foley wrote:
> After a nearly 2-year struggle to get Dovecot to do either NTLM or GSSAPI authentication with
> Samba4 AD/DC, I believe I've finally got it! Infinite thanks to Achim Gottinger for his
> patience in working this through with me. Although my purpose was for Dovecot to authenticate
> mail clients, the configuration settings needed were on the
2016 Jul 04
0
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
On 04/07/16 21:21, Mark Foley wrote:
>> To: samba at lists.samba.org
>> From: Achim Gottinger <achim at ag-web.biz>
>> Date: Mon, 4 Jul 2016 09:29:02 +0200
>> Subject: Re: [Samba] How to GSSAPI/Kerberos authenticate with Dovecot
>>
>> Am 04.07.2016 um 01:34 schrieb Mark Foley:
>>> After a nearly 2-year struggle to get Dovecot to do either NTLM or
2016 Jul 04
3
Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> > http://wiki2.dovecot.org/Authentication/Kerberos
>
> It has been now updated.
Excellent! That was quick!
Although, you used my actual local domain in your example: mail.hprs.local. Not that I care,
no one can get to that, but it might be clearer to those of us who uncomprehendingly
monkey-type
2016 Jul 04
4
Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
On 07/04/2016 03:30 AM, Mark Foley wrote:
> Actually, I see that you used host.domain.name further down. That's a good substitute for mail.hprs.local.
>
> Also, not to be a literary critic, but it might not hurt to show an example keytab beneath your
> "Make sure your keytab has entry for ...". Just in case people don't exactly know how to "make sure:
>
> $
2016 Sep 16
6
Exporting keytab for SPN failure
Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>
>>
>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
>>> On Wed, 14 Sep 2016 16:23:27 -0500
>>> Michael A Weber via samba <samba at lists.samba.org> wrote:
>>>
>>>>> On Sep 14, 2016, at 2:00 PM, Achim
2016 Sep 15
3
Exporting keytab for SPN failure
Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
> On Wed, 14 Sep 2016 16:23:27 -0500
> Michael A Weber via samba <samba at lists.samba.org> wrote:
>
>>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz>
>>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 20:33 schrieb Michael A Weber:
>>>>>
2016 Sep 16
2
Exporting keytab for SPN failure
On Fri, 16 Sep 2016 13:00:52 -0700
Robert Moulton via samba <samba at lists.samba.org> wrote:
> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
> >
> >
> > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
> >> On Wed, 14 Sep 2016 16:23:27 -0500
> >> Michael A Weber via samba <samba at lists.samba.org> wrote:
> >>
>
2016 Sep 16
2
Exporting keytab for SPN failure
Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba:
> On Fri, 16 Sep 2016 22:43:42 +0200
> Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>>
>> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
>>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>>>
>>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via
2016 Sep 17
2
Exporting keytab for SPN failure
On Fri, Sep 16, 2016 at 6:08 PM, Achim Gottinger via samba
<samba at lists.samba.org> wrote:
>
>
> Am 17.09.2016 um 02:36 schrieb Achim Gottinger via samba:
>>
>>
>>
>> Am 17.09.2016 um 02:19 schrieb Achim Gottinger via samba:
>>>
>>>
>>>
>>> Am 17.09.2016 um 01:23 schrieb Robert Moulton:
>>>>
>>>>