From rom at twister.dyndns.org  Sun Aug 24 17:49:13 2008
From: rom at twister.dyndns.org (Fred Wittekind)
Date: Sun, 24 Aug 2008 13:49:13 -0400
Subject: [Freeipa-users] Exim/Dovecot Configuration Howto
Message-ID: <48B19F19.1070107@twister.dyndns.org>

|# kinit admin
||# ipa-addservice imap/mailserver.example.com
||# ipa-getkeytab -s ipaserver.example.com -p 
imap/mailserver.example.com -k /etc/krb5.keytab
||# ipa-addservice smtp/mailserver.example.com
||# ipa-getkeytab -s ipaserver.example.com -p 
smtp/mailserver.example.com -k /etc/krb5.keytab


|

Uncomment the following lines in dovecot config
  socket listen {
   client {
      path = /var/run/dovecot/auth-client
      user = dovecot
      group = exim
      mode = 0660
   }
  }

|Add gssapi to  mechanisms = line in dovecot config like this:
auth default {
    mechanisms = gssapi plain

|

Add following to exim config
begin authenticators
gssapi:
driver = dovecot
server_advertise_condition = yes
public_name = GSSAPI
server_socket = /var/run/dovecot/auth-client

If SELinux is enabled, the policy change detailed here is required:
https://bugzilla.redhat.com/show_bug.cgi?id=458406
|
   

|