Re: Enabling cyrus-sasl for gssapi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


--On Monday, December 11, 2017 3:48 PM -0600 Dan White <dwhite@xxxxxxx> wrote:

On 12/11/17 15:46 -0500, Mark Foley wrote:
I would like to enable saslauthd for GSSAPI for sendmail authentication.
I am running Samba4 4.4.16 on Slackware64 14.2.  Samaba4 includes
Heimdal kerberos. The Dovecot mail server authenticates domain users
using the Thunderbird email client via GSSAPI, so that indicates to me
that it is doable.  My current saslauthd has:

Note that this does not enable SASL GSSAPI authentication, but rather
Kerberos authentication underneath SASL PLAIN or LOGIN.

Consult Sendmail documentation for enabling GSSAPI directly:

I would also note that if using a distribution provided SASL build, all that may be necessary to allow SASL/GSSAPI to function is to install the appropriate module. For example, on Debian/Ubuntu, you have a choice of MIT backed Kerberos or Heimdal backed Kerberos:


I believe RedHat has something similar. I personally always chose Heimdal as the Kerberos library on the client side to back SASL/GSSAPI due to benchmarks I did, but that was 3 jobs and over a decade ago. ;)



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux