
292831 Re: GSSAPI SMTPD Authentication and MS Active Directory

  • Quanah Gibson-Mount
    Apr 24, 2013
      --On Wednesday, April 24, 2013 5:35 PM -0700 Matthew Larsen
      <utegrad@...> wrote:

      > I'm working on a project to replace an Exchange 2003 server that is only
      > still around these days because we have lots of SMTP clients around the
      > country that use it as an SMTP relay.  It only relays messages for
      > clients authenticated by our Active Directory domain.  Members of a
      > group in the parent domain and a group in the child domain are given
      > relay permissions for this server.  

      If you replaced Exchange 2003 with Zimbra, and set up external auth to your
      AD server, then it would use the custom Zimbra authentication method for
      cyrus-sasl to auth your clients against AD. I don't know what you intend
      on replacing Exchange with, though, so that may be a bit more than you want.
      But it is a solution.

      If you want to use SASL/GSSAPI, the clients have to be able to get a TGT
      from the KDC.

      Alternatively, you could just do straight LDAP authentication against AD,
      instead of Kerberos-AD, something like:




      Quanah Gibson-Mount
      Sr. Member of Technical Staff
      Zimbra, Inc
      A Division of VMware, Inc.
      Zimbra :: the leader in open source messaging and collaboration