Web lists-archives.com

Re: [Samba] [Solved] GSSAPI/Kerberos authenticate with Dovecot




On Wed, 12 Dec 2018 16:43:58 +0100
basti via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 
> Roland kinit -V5 DOVECOTUSER@xxxxxxxxxxx did also work
> I use the samba wiki, dont know why only export 3 keys.

No and neither do I, I just tried it and I only got 3 keys (I expected
5)

klist -e -k /root/dovecot.keytab 
Keytab name: FILE:/root/dovecot.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 imap/host.samdom.example.com@xxxxxxxxxxxxxxxxxx (arcfour-hmac) 
   1 imap/host.samdom.example.com@xxxxxxxxxxxxxxxxxx (des-cbc-md5) 
   1 imap/host.samdom.example.com@xxxxxxxxxxxxxxxxxx (des-cbc-crc) 

Yet if I run the same command against a system keytab, amongst the
output I get lines like these:

  27 ldap/dc3.samdom.example.com@xxxxxxxxxxxxxxxxxx (des-cbc-crc) 
  27 ldap/dc3.samdom.example.com@xxxxxxxxxxxxxxxxxx (des-cbc-md5) 
  27 ldap/dc3.samdom.example.com@xxxxxxxxxxxxxxxxxx (aes128-cts-hmac-sha1-96) 
  27 ldap/dc3.samdom.example.com@xxxxxxxxxxxxxxxxxx (aes256-cts-hmac-sha1-96) 
  27 ldap/dc3.samdom.example.com@xxxxxxxxxxxxxxxxxx (arcfour-hmac) 

Hmm why only 3 keys with 'idmap' ???

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba