Hi all, I have 2 postfix servers which are using saslauthd with kerberos as the authentication mech and clients connecting via gssapi to authenticate. All works well when clients come directly to the mail server in question. However, should the client go through a load balancer which is accepting connections on a IP which redirects to the actual target servers, we get principal lookup failures as the reverse dns does not match the target server in question. I've had similar problems with dovecot where the gssapi mech was modified to scan all entries in the keytab (fixing this issue). What route can we take for saslauthd in this scenario? I have added both relevant keys to the keytab (smtp/mail.domain.com and smtp/host.domain.com), albeit with unsuccessful results. Could someone please point me in the right direction here. Appreciate any help. Regards, Mustafa. -- Mustafa A. Hashmi backports@xxxxxxxxx
