[Dovecot] GSSAPI authentication behind HA servers

Mustafa A. Hashmi mahashmi at gmail.com
Sat Feb 3 14:02:48 UTC 2007


Hi all,

We have 2 mail servers sitting behind linux-HA machines.The mail
servers are currently running dovecot 1.0rc2.

Looking to enable GSSAPI authentication, I exported krb keytabs for
imap/node01.domain at REALM and imap/node02.domain at REALM for both mail
servers.

However, clients are connecting to mail.domain.com, which results in a
mismatch as far as the keytab is concerned (and rightly so).
Connections directly to node01 and node02 work fine for gssapi auth.

I proceeded to export a key for mail.domain.com into the same keytab
for both the nodes, however, I don't think more than a single key is
checked for the imap service, and authentication errors continued.

Is anybody running something similar? Could you please explain how you
have this working on your end?

Appreciate any help.

Regards,
-- 
Mustafa A. Hashmi
mahashmi at gmail.com


More information about the dovecot mailing list