kerberos and smartphone clients
Nikolay Shopik
shopik at inblock.ru
Tue Feb 9 14:40:51 EST 2010
On 09.02.2010 18:08, Luke Scharf wrote:
> If you're using virtual users on the e-mail server, then saslauthd can
> be configured to attempt to log in to Kerberos to see if the password is
> valid instead of PAM. This is an application-level way to check
> credentials, as opposed to a system-level method like PAM -- so if your
> users don't show up in getent, then saslauthd is the way to go.
Actually Dovecot SASL + pam_krb5 and virtual users works very well. I've
just add two strings to /etc/pam.d/dovecot
auth sufficient pam_krb5.so
account sufficient pam_krb5.so
But thanks anyway pointing to right way.
More information about the Kerberos
mailing list