292838Re: GSSAPI SMTPD Authentication and MS Active Directory
- Apr 25, 2013On 4/25/2013 12:41 PM, Quanah Gibson-Mount wrote:
> --On Thursday, April 25, 2013 12:27 PM -0700 Matthew LarsenYes.
> <utegrad@...> wrote:
>>> If you want to use SASL/GSSAPI, the clients have to be able to get a TGT
>>> from the KDC.
>> The reason I've been looking at configuring the SASL/GSSAPI mechanism is
>> that's what I see the current Exchange server doing. I'm hoping to
>> build something I can drop in place without needing to touch client
>> systems for reconfiguration.
> But exchange knows about your domain, correct? And how to authenticate
> users to AD?
>I guess that's what I'm asking, and it would make sense. Exchange would
>> I'm just puzzled as to how this works because the clients aren't
>> members of our AD domain, and I strongly doubt they have data for, or
>> access to, the DNS servers in the domain or a KDC. All they are given
>> is an SMTP server, username (DOMAIN\Username), and password.
> Because Exchange is cheating and doing the kerberos auth for them to AD?
> I.e., it isn't the clients themselves doing SASL/GSSAPI, correct? It is
be both the client and service in the Kerberos exchange if that's the
case. Can Postfix / SASL be made to do the same?
- << Previous post in topic Next post in topic >>