Timo Sirainen wrote:
>> I really want to use kerberos/SPNEGO everywhere I can for various
>> reasons. The LDAP would be for the configuration.
> Do you actually want the IMAP/POP3 clients to use Kerberos? For
> plaintext auth I don't see any benefit in Dovecot using Kerberos
> rather than LDAP (and it doesn't support that, except via pam_kerberos
> or whatever I guess). But for clients to use Kerberos (GSSAPI) and
> authenticate against AD while Dovecot is in the middle... I've no
> idea. I guess that's possible somehow.

You have all of the Kerberos/GSSAPI/SPNEGO stuff done. It is just a matter of can I still have the configuration (for user directories, etc.) done in LDAP?

http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=%28spnego%29 for the SPNEGO/Kerberos.

I am not using this via Plain Text. This is for AD and Kerberos domains. (Yes, I understand that if I want to do straight kerberos, I use http://wiki.dovecot.org/Authentication/Kerberos instead.) But instead of userdb static, can it be userdb ldap or some such?

> There's no great way to do this.. A couple of kludgy ways. Like chmod
> 01777 /var/mail. Or override mail_executable setting to a script that
> still runs as root and can create the directory with proper
> permissions. http://wiki.dovecot.org/PostLoginScripting

Alright, I am going to have to find another way for this part. The other part (Kerberos and LDAP together), I do need. LDAP for configuration, Kerberos (or NTLM in some cases for SPNEGO) for authentication.

Trever Adams
