Jaap Winius wrote:
Hi folks,
Is it possible to configure an Exim4 server (exim4-daemon-heavy 4.72-6
on Debian squeeze) to offer an authenticated SMTP service with
end-to-end SSL encryption while authenticating the passwords with Kerberos?
So far I've added the following to 00_exim4-config_header:
sasl_gssapi:
driver = cyrus_sasl
public_name = GSSAPI
server_realm = EXAMPLE.COM
server_set_id = $auth1
In addition to that:
* The mail server has a functioning Kerberos client.
* I've created the following principal for it in the KDC:
smtp/[email protected]
* I've added the keys for it to the local key table.
* I've created the following environment variable:
KRB5_KTNAME=/etc/krb5.keytab
* The key table has permissions 640 and owner.group
root.Debian-exim.
Still, I'm missing some things. For instance, I'm not even sure how the
MUAs should be configured (e.g. port 25, 465 or 587? SSL/TLS or STARTTLS?).
Thanks,
Jaap
Have a look at these, walk the thread trees, and do your own due diligence:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch36.html
http://wiki.debian.org/PkgCyrusSASL
http://www.gossamer-threads.com/lists/exim/users/75988
http://www.mail-archive.com/[email protected]/msg26509.html
HTH,
Bil Hacker (who is too lazy by far to use kerberos at all..)
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
