Hi there.
I installed Postfix + Cyrus-Imapd + Cyrus-Sasl with Kerberos and LDAP support on my Gentoo OS.
1. Create keytab on my Windows srv 2008 (AD+KDC):
ktpass -princ host/srv-mydomain.local@MYDOMAIN.LOCAL -mapuser ldapmail@MYDOMAIN.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_SRV_INST -pass "mypasswd" -out c:\mail.keytab
2. Copy mail.keytab via SCP to the Linux server (srv-mydomain.local)
Changed permissions:
chown root.kerberos /etc/mail/mail.keytab
where kerberos:
cat /etc/group | grep kerberos
kerberos::1100:root,postfix,cyrus
kinit with this keytab:
kinit -V -k -t /etc/mail/mail.keytab host/srv-mydomain.local@MYDOMAIN.LOCAL
Authenticated to Kerberos v5
3. saslauthd is started with the following option:
ps ax | grep sasl
27593 ? Ss 0:00 /usr/sbin/saslauthd -a kerberos5
cat smtp.conf
pwcheck_method: saslauthd
mech_list: gssapi
sasl_pwcheck_method: saslauthd
sasl_mech_list: gssapi
sasl_keytab: /etc/mail/mail.keytab
I want my users to be authenticated via Kerberos, without using a login & password.
Postfix & Cyrus-Imapd should verify the existence of these users in AD.
So what are my next steps?
Many thanks to all for your help :)
--
Ross
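
Added example, not part of the original post: a shell check of the keytab ownership and mode from step 2, since the keytab holds the service principal's long-term key. It assumes GNU stat (coreutils); the function name check_keytab is hypothetical, and the root/kerberos expectation is taken from the chown line in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat.
#
# check_keytab FILE OWNER GROUP
# OWNER and GROUP may be given as names or numeric ids.
# Returns 0 when FILE is owned by OWNER:GROUP, grants nothing to
# "other" and is not group-writable; returns 1 otherwise.
# Usage on the host from the post (paths and names as posted):
#   check_keytab /etc/mail/mail.keytab root kerberos
check_keytab() {
    file=$1; want_owner=$2; want_group=$3
    rc=0

    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi

    # %a octal mode, %U/%G owner and group names, %u/%g numeric ids
    set -- $(stat -c '%a %U %G %u %g' "$file")
    mode=$1

    if [ "$want_owner" != "$2" ] && [ "$want_owner" != "$4" ]; then
        echo "FAIL: owner is $2 ($4), expected $want_owner"; rc=1
    fi
    if [ "$want_group" != "$3" ] && [ "$want_group" != "$5" ]; then
        echo "FAIL: group is $3 ($5), expected $want_group"; rc=1
    fi

    # Anyone who can read the keytab can act as the service principal,
    # so "other" must have no access at all.
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "FAIL: mode $mode gives access to other users"; rc=1
    fi
    # Group members (postfix, cyrus in the post) only need to read it.
    if [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "FAIL: mode $mode is group-writable"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file mode $mode"
    fi
    return "$rc"
}
```

A result of 0 corresponds to a mode such as 640 with the expected owner and group; the post shows only the chown, so the mode is the part this check adds.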