On Thu, 10 Sep 2015, Kanwar Ranbir Sandhu wrote:
On 2015-09-09 14:21, Mike wrote:
Yep, I have it working. It's been almost 6 months since I set it up so
don't recall many details other than it was NOT trivial :). Have only
used alpine and thunderbird clients, both work fine.
I wonder if that means Evolution is broken. In any case, could you tell me
the changes you made to 10-auth.conf and any other files for GSSAPI auth to
work? I would like to compare your setup to mine and to what I've read
online.
Thanks!
Ranbir
In looking at my notes I think it was LDAP integration that gave me the
most headaches, GSSAPI was pretty straight forward. In any case for
GSSAPI/SSO I'm pretty sure this is what I used primarily (noting that it
was written with RHEL 6.2 as a target):
http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On
And I believe these are the primary changes that I made to the dovecot
config.
# diff ~/etc_dovecot_orig/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf
10a11
disable_plaintext_auth = no
29a31
auth_realms = ourdomain.com
33a36
auth_default_realm = ourdomain.com
71a75
auth_gssapi_hostname = mx01.ourdomain.com
76a81
auth_krb5_keytab = /etc/dovecot/krb5.keytab
100c105,106
< auth_mechanisms = plain
---
#auth_mechanisms = plain
auth_mechanisms = gssapi cram-md5 plain login
122c128
< !include auth-system.conf.ext
---
#!include auth-system.conf.ext
124c130
< #!include auth-ldap.conf.ext
---
!include auth-ldap.conf.ext
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
