On Wednesday, July 10, 2013 05:00:53 PM Dmitri Pal wrote:
> On 07/10/2013 12:12 PM, Simo Sorce wrote:
> > On Wed, 2013-07-10 at 11:45 -0400, Erinn Looney-Triggs wrote:
> >> Folks,
> >> I swear I am not trying to drive up traffic to my very small blog, but I
> >> wrote up some instruction for how to configure the postfix mail client
> >> to use Kerberos to relay through a Postfix gateway.
> >> 
> >> Instructions are here for folks that are interested:
> >> https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-> 
> >> >> relaying-smtp-client/
> >> 
> >> Hopefully it is useful to some people in the future, for me it took the
> >> help of some users on the Postfix list, a lot of it was not clear.

Erinn, this is excellent!  I've been looking for just this idea!  Thanks.

> I think it is worth mentioning that starting Fedora 19 the step to
> configure cron to fetch tickets is not needed. GSS proxy can be
> configured instead to automatically acquire tickets on client's behalf.
> https://fedorahosted.org/gss-proxy/
> 
> It generally applies to any unattended client that uses keytab to
> authenticate it being messaging client, DB client, LDAP client or
> anything else. You name it...
> 
> Thanks for the blog!
> 
> 
> -- 
> Thank you,
> Dmitri Pal


Dmitri, thanks for the info on gssproxy.  I am using gssproxy for NFS in F19, 
but have not begun using it for other services such as an smtp client, though 
this is exactly what I'd be looking for.  Do you think you'd be able to show 
us what the gssproxy.conf file might look like for Postfix's smtp service?  
How would one store the keytab in /var/lib/gssapi/clients?  As far as I can 
tell, the keytabs stored there are listed as <uidnumber>.keytab, so I imagine 
this would be stored as the postfix user's uidnumber.

Thanks again.  -A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to