just came accross Erinn Looney-Triggs's excellent writeup on using
kerberos voor relaying e-mail
and have a question.
Would it not be possibly easier to just use the host's keytab
(/etc/krb5.keytab) instead of just deploying a new service principal
to every smtp client?
I ask this because I am in the point of deploying something similar
and would rather not need to have to deploy another set of keytabs
everywhere unless this is a security malpractice, of course.
Freeipa-users mailing list