290877 Re: Postfix ldap_table authenticate to LDAP using GSSAPI or EXTERNAL
Jan 22, 2013

On Mon, Jan 21, 2013 at 09:05:33PM -0500, Eric McCorkle wrote:
> I am trying to set up an LDAP-based alias table, and I want postfix to
> authenticate to LDAP using a Kerberos service principal, or at least
> using the EXTERNAL method (SSL certificate authentication).

I would recommend GSSAPI (Kerberos) if that's an option, over
EXTERNAL, key management is easier.

To use GSSAPI, arrange for a cron job that runs once an hour or so,

    $ kinit -k -t FILE:/some/keytab -c FILE:/some/cred-cache principal

as Wietse points out: make sure the cred-cache is readable by the
"postfix" user ($mail_owner). Then make sure that the KRB5CCNAME
environment variable is set to point at the above credential cache
in the Postfix delivery agent, by setting:

    ... default value ...

Unfortunately, Postfix does not yet support a "+= syntax" in main.cf.
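
The hourly refresh described in the message above, as an added example that is not part of the original post: a cron-run shell function that obtains the ticket into a temporary file, restricts it to the Postfix user, and renames it into place, so a failed kinit never replaces a working cache. The default paths and principal are the post's placeholders; the KEYTAB, CCACHE, PRINCIPAL, OWNER and KINIT variables and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refresh the Kerberos credential cache that Postfix reads.
# All defaults are placeholders taken from the post; override via environment.
KEYTAB="${KEYTAB:-FILE:/some/keytab}"
CCACHE="${CCACHE:-/some/cred-cache}"   # KRB5CCNAME should be FILE:$CCACHE
PRINCIPAL="${PRINCIPAL:-principal}"
OWNER="${OWNER:-postfix}"              # the $mail_owner account
KINIT="${KINIT:-kinit}"                # assumption: lets a test substitute kinit

# Body runs in a subshell so the umask change does not leak to the caller.
refresh_ccache() (
    umask 077
    # Temp file in the same directory as the cache, so the final mv is a rename.
    tmp=$(mktemp "${CCACHE}.XXXXXX") || return 1
    if ! "$KINIT" -k -t "$KEYTAB" -c "FILE:$tmp" "$PRINCIPAL"; then
        rm -f "$tmp"
        echo "kinit failed; existing cache left in place" >&2
        return 1
    fi
    # Only root can hand the file to another account.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$OWNER" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    # Owner-only access: the cache holds usable tickets for the principal.
    chmod 600 "$tmp" && mv -f "$tmp" "$CCACHE"
)

# Cron calls the script with --run; sourcing it only defines the function.
if [ "${1:-}" = "--run" ]; then
    refresh_ccache
fi
```

A non-zero exit from the cron job signals that the keytab or KDC needs attention before the tickets in the existing cache expire.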