From: Alex Dehnert Date: Thu, 28 Mar 2013 03:50:42 +0000 (-0400) Subject: Change keytab names to reflect smtp/ principal X-Git-Url: https://dehnerts.com/gitweb/?a=commitdiff_plain;h=2b4d38aeb72e0618961fd4f4362a1d70cb6ac9e5;p=sysconfig%2Fdovecot.git Change keytab names to reflect smtp/ principal In order to get kerberized SMTP by Postfix backending onto Dovecot's SASL implementation, Dovecot needs to have access to an smtp/olinda.dehnerts.com key (as well as an imap/olinda.dehnerts.com key for the IMAP). Sticking smtp/olinda.dehnerts.com in a file named imap.keytab seemed silly, so I renamed that file to olinda.keytab and added the smtp/ key. Getting and using the new principal (and reconfiguring the MUA's like Thunderbird) turns out to be the only config change required. --- diff --git a/conf.d/10-auth.conf b/conf.d/10-auth.conf index b7f554b..5a69bcc 100644 --- a/conf.d/10-auth.conf +++ b/conf.d/10-auth.conf @@ -72,7 +72,7 @@ # Kerberos keytab to use for the GSSAPI mechanism. Will use the system # default (usually /etc/krb5.keytab) if not specified. You may need to change # the auth service to run as root to be able to read this file. -auth_krb5_keytab = /etc/dovecot/imap.keytab +auth_krb5_keytab = /etc/dovecot/olinda.keytab # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and # ntlm_auth helper.