hi, just came accross Erinn Looney-Triggs's excellent writeup on using kerberos voor relaying e-mail (https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/) and have a question.
Would it not be possibly easier to just use the host's keytab (/etc/krb5.keytab) instead of just deploying a new service principal to every smtp client? I ask this because I am in the point of deploying something similar and would rather not need to have to deploy another set of keytabs everywhere unless this is a security malpractice, of course. TIA, -- Groeten, natxo _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users