--On Monday, December 11, 2017 3:48 PM -0600 Dan White <dwhite@xxxxxxx> wrote:

> On 12/11/17 15:46 -0500, Mark Foley wrote:
>> I would like to enable saslauthd for GSSAPI for sendmail authentication.
>> I am running Samba4 4.4.16 on Slackware64 14.2. Samba4 includes
>> Heimdal Kerberos. The Dovecot mail server authenticates domain users
>> using the Thunderbird email client via GSSAPI, so that indicates to me
>> that it is doable. My current saslauthd has:
>
> Note that this does not enable SASL GSSAPI authentication, but rather
> Kerberos authentication underneath SASL PLAIN or LOGIN.
> Consult Sendmail documentation for enabling GSSAPI directly:

I would also note that if using a distribution-provided SASL build, all
that may be necessary to allow SASL/GSSAPI to function is to install the
appropriate module. For example, on Debian/Ubuntu, you have a choice of
MIT-backed Kerberos or Heimdal-backed Kerberos:
libsasl2-modules-gssapi-heimdal
libsasl2-modules-gssapi-mit
I believe RedHat has something similar. I personally always chose Heimdal
as the Kerberos library on the client side to back SASL/GSSAPI due to
benchmarks I did, but that was 3 jobs and over a decade ago. ;)
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
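
The thread distinguishes Kerberos verification underneath SASL PLAIN or LOGIN from SASL/GSSAPI itself; one way to tell which a server offers is to read the AUTH line of its EHLO reply. The following is an added example, not part of the original messages; the sample replies, the host name mail.example.com and the function names are constructed for illustration.

```python
import re

# Mechanisms where the client hands its password to the server, which then
# verifies it (for example through saslauthd with a Kerberos backend).
PASSWORD_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample EHLO replies; mail.example.com is a placeholder host.
SASLAUTHD_ONLY = """250-mail.example.com Hello client.example.com
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH LOGIN PLAIN
250 HELP"""

WITH_GSSAPI_MODULE = """250-mail.example.com Hello client.example.com
250-STARTTLS
250-AUTH GSSAPI LOGIN PLAIN
250 HELP"""


def parse_ehlo(reply):
    """Return (set of AUTH mechanisms, STARTTLS offered) from an EHLO reply."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        m = re.match(r"250[- ](.+)$", line.strip())
        if not m:
            continue
        words = m.group(1).upper().split()
        if words[0] == "STARTTLS":
            starttls = True
        elif words[0] == "AUTH":
            mechs.update(words[1:])
        elif words[0].startswith("AUTH="):  # legacy "AUTH=LOGIN PLAIN" form
            mechs.add(words[0][5:])
            mechs.update(words[1:])
    return mechs, starttls


def classify(reply):
    """Summarise which kind of Kerberos-backed authentication is on offer."""
    mechs, starttls = parse_ehlo(reply)
    return {
        "gssapi": "GSSAPI" in mechs,                       # ticket-based SASL/GSSAPI
        "password_mechs": sorted(mechs & PASSWORD_MECHS),  # password sent to server
        "starttls": starttls,
    }


if __name__ == "__main__":
    for name, reply in (("saslauthd only", SASLAUTHD_ONLY),
                        ("GSSAPI module", WITH_GSSAPI_MODULE)):
        print(name, classify(reply))
```
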