Brendan - yes, go ahead and send that doc directly to my email address. I've got Maildir folders going, but not nfs; and I'm curious about your load balance.
THX --Mark

-----Original Message-----
> Date: Mon, 04 Jul 2016 10:40:06 -0400
> From: Brendan Kearney <bpk...@gmail.com>
> To: dovecot@dovecot.org
> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
>
> On 07/04/2016 03:30 AM, Mark Foley wrote:
> > Actually, I see that you used host.domain.name further down. That's a good
> > substitute for mail.hprs.local.
> >
> > Also, not to be a literary critic, but it might not hurt to show an example
> > keytab beneath your "Make sure your keytab has entry for ...". Just in case
> > people don't exactly know how to "make sure":
> >
> > $ klist -Kek /etc/dovecot/dovecot.keytab
> > Keytab name: FILE:/etc/dovecot/dovecot.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >    1 imap/host.domain.name@MYREALM (des-cbc-crc) (0x232616c2a4fd08f7)
> >    1 imap/host.domain.name@MYREALM (des-cbc-md5) (0x232616c2a4fd08f7)
> >    1 imap/host.domain.name@MYREALM (arcfour-hmac) (0x9dae89a221dc374a39f560833
> >
> > --Mark
> >
> > -----Original Message-----
> > From: Mark Foley <mfo...@ohprs.org>
> > Date: Mon, 04 Jul 2016 03:23:30 -0400
> > Organization: Ohio Highway Patrol Retirement System
> > To: dovecot@dovecot.org
> > Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
> >
> > On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> >
> > >>> http://wiki2.dovecot.org/Authentication/Kerberos
> > >> It has been now updated.
> > Excellent! That was quick!
> >
> > Although, you used my actual local domain in your example: mail.hprs.local.
> > Not that I care, no one can get to that, but it might be clearer to those of
> > us who uncomprehendingly monkey-type things from wikis when we don't fully
> > understand. Perhaps something more generic would be clearer: myhost.myrealm,
> > or myhost.mydom.local, or myLocalFDQN -- something like that.
> > Not sure what is best; just don't want to imply that they HAVE TO use
> > mail.hprs.local.
> >
> > >> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> > >> I have to set up some kind of test environment to find out why it bugs.
> > I'm going to give my brain a rest for a bit before I resume tilting at the
> > NTLM windmill! I'll check back with the list to see if you've come up with
> > anything.
> >
> > >> Aki
> > Again, thanks for all your help.
> >
> > --Mark
> >
> > -----Original Message-----
> >> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
> >> To: dovecot@dovecot.org
> >> From: Aki Tuomi <aki.tu...@dovecot.fi>
> >> Organization: Dovecot Oy
> >> Date: Mon, 4 Jul 2016 08:54:27 +0300
> >> On 04.07.2016 07:44, Mark Foley wrote:
> >>> After over a year and a half struggling to get Dovecot to do either
> >>> NTLM or GSSAPI authentication with Samba4 AD/DC, I believe I've finally
> >>> got it! Thanks to all those in this list who helped: Jan Jurkus, Edgar
> >>> Pettijohn, Gregory Sloop, Tom Talpey, especially Aki Tuomi; and infinite
> >>> thanks to Achim Gottinger on the SambaList for his patience in working
> >>> this through with me. Although my purpose was for Dovecot to authenticate
> >>> mail clients, the configuration settings needed were on the Samba side.
> >>> I hope a variation of these instructions can eventually make it into:
> >>>
> >>> http://wiki2.dovecot.org/Authentication/Kerberos
> >>>
> >>>
> >> It has been now updated.
> >>
> >> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> >> I have to set up some kind of test environment to find out why it bugs.
> >>
> >> Aki
> >>
> i have a document that i had written, recording each of the changes
> needed to each of the files to be modified, in order to have dovecot
> authenticate against kerberos and authorize against ldap. in addition,
> the use of nfs for maildir mailboxes and load balanced nuances are
> covered. the doc is in odt format (libre office writer), and i have
> attempted to post it to this mailing list, but it was quarantined.
>
> if there is any interest in the doc, reach out to me. i welcome input
> and feedback on it.
>
> brendan
>
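
The "make sure your keytab has an entry" check quoted in the thread above, as an added example that is not part of the original messages or of the Dovecot wiki. It reads `klist -ke` output (without `-K`, so key values are not printed), confirms the imap service principal is present, and marks DES/RC4 keys like the ones in the quoted listing; the helper name `check_keytab`, its exit codes and the AES entry in the second sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a keytab listing contains
# the service principal Dovecot needs and report the strength of its keys.

# Constructed sample: the three entries quoted in the thread, in the form
# `klist -ke` prints them (without -K, so key values are not shown).
SAMPLE_THREAD='Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 imap/host.domain.name@MYREALM (des-cbc-crc)
   1 imap/host.domain.name@MYREALM (des-cbc-md5)
   1 imap/host.domain.name@MYREALM (arcfour-hmac)'

# Constructed sample: the same listing with an AES key added (assumption).
SAMPLE_AES="$SAMPLE_THREAD
   1 imap/host.domain.name@MYREALM (aes256-cts-hmac-sha1-96)"

# check_keytab PRINCIPAL  (hypothetical helper; reads klist -ke output on stdin)
# Prints "WEAK <kvno> <enctype>" or "OK <kvno> <enctype>" per matching entry.
# Exit status: 0 = at least one non-deprecated key, 1 = only DES/3DES/RC4
# keys (deprecated by RFC 6649 and RFC 8429), 2 = principal not in the keytab.
check_keytab() {
    awk -v want="$1" '
        $2 == want {
            enc = $3
            gsub(/[()]/, "", enc)            # "(des-cbc-crc)" -> "des-cbc-crc"
            if (enc ~ /des|arcfour|rc4/) { print "WEAK", $1, enc; weak++ }
            else                         { print "OK", $1, enc; ok++ }
        }
        END {
            if (ok) exit 0
            if (weak) exit 1
            exit 2
        }'
}

# Demo on the constructed samples; against a real keytab this would be:
#   klist -ke /etc/dovecot/dovecot.keytab | check_keytab imap/host.domain.name@MYREALM
for sample in "$SAMPLE_THREAD" "$SAMPLE_AES"; do
    printf '%s\n' "$sample" | check_keytab imap/host.domain.name@MYREALM \
        || echo "status $?: no usable key for the principal"
    echo "--"
done
```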