23
23
'auth_krb5_keytab' configuration entry in dovecot.conf. If you wish to provide
24
24
an IMAP service, you will need to install a service ticket of the form
25
25
'imap/hostname@REALM'. For POP3, you will need a service ticket of the form
26
'pop/hostname@REALM'. When using Dovecot's <SASL.txt> with MTA, you will need
27
to install service ticket of the form 'smtp/hostname@REALM'.
26
'pop/hostname@REALM'. When using Dovecot's <SASL> [Sasl.txt] with MTA, you
27
will need to install service ticket of the form 'smtp/hostname@REALM'.
29
29
Example dovecot.conf configurations
30
30
-----------------------------------
76
76
*FIXME*: This section requires cleanup.
78
Test that the server can access the keytab
79
------------------------------------------
81
This test demonstrates that te server can acquire its private credentials.
82
First telnet directly to the server
84
* ---%<----------------------------------------------------------------------
85
$ telnet localhost 143
87
---%<----------------------------------------------------------------------
89
or, if you are using IMAPS then use openssl instead of telnet to connect:
91
* ---%<----------------------------------------------------------------------
92
$ openssl s_client -connect localhost:993
96
---%<----------------------------------------------------------------------
98
Check that GSSAPI appears in the authentication capabilities:
100
* ---%<----------------------------------------------------------------------
102
* CAPABILITY ... AUTH=GSSAPI
103
---%<----------------------------------------------------------------------
105
Attempt the first round of GSS communication. The '+' indicates that the server
108
* ---%<----------------------------------------------------------------------
109
a authenticate GSSAPI
111
---%<----------------------------------------------------------------------
113
Abort the telnet session by typing control-] and then 'close'
115
* ---%<----------------------------------------------------------------------
118
---%<----------------------------------------------------------------------
80
122
* Setup mutt in /etc/Muttrc to use kerberos using gssapi and imap
86
128
* run command klist (list all kerberos keys) should show imap/HOSTNAME
87
129
* /etc/hosts has to be set properly so that kerberos can find server.
89
(This file was created from the wiki on 2008-06-20 04:42)
131
(This file was created from the wiki on 2009-01-05 04:42)