[Freeipa-users] Dovecot imap authentication with IPA/Kerberos

Dale Macartney dale at themacartneyclan.com
Mon Jan 30 16:42:07 UTC 2012


Of course Dmitri

Here you go. I was actually trying to resolve this for an automated
kickstart process anyway. The details specific to dovecot are in the middle.

# Connect server to IPA domain (ensure DNS is working correctly
# otherwise this step will fail)
ipa-client-install -U -p admin -w mysecretpassword

# install postfix if necessary (installed by default in rhel6)
yum -y install postfix

# set postfix to start on boot
chkconfig postfix on

# configure postfix with hostname, domain and origin details
sed -i 's/#myhostname = host.domain.tld/myhostname = servername.example.com/g' /etc/postfix/main.cf
sed -i 's/#mydomain = domain.tld/mydomain = example.com/g' /etc/postfix/main.cf
sed -i 's/#myorigin = $mydomain/myorigin = $mydomain/g' /etc/postfix/main.cf

# configure postfix to listen on all interfaces
sed -i 's/#inet_interfaces = all/inet_interfaces = all/g' /etc/postfix/main.cf
sed -i 's/inet_interfaces = localhost/#inet_interfaces = localhost/g' /etc/postfix/main.cf

# apply postfix changes
service postfix restart

# Install dovecot
yum -y install dovecot

# set dovecot to start on boot
chkconfig dovecot on

# set dovecot to listen on imap and imaps only
sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' /etc/dovecot/dovecot.conf

# point dovecot to required mailbox directory (This is the section that
# was previously failing)
echo "mail_location = mbox:~/mail:INBOX=/var/mail/%u" >> /etc/dovecot/dovecot.conf

# reload dovecot to apply changes
service dovecot restart

# Apply working IPtables
cat > /etc/sysconfig/iptables << EOF
# Generated by iptables-save v1.4.7 on Tue Jan 10 12:17:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [29:4596]
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Jan 10 12:17:41 2012
EOF

With the above details, I am able to replicate a 100% working IPA
authenticated mail server, allowing IPA users to retrieve mail via
imap/imaps.

I hope this helps.


Dale
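
An added example, not part of the original message: `sed -i` exits 0 even when its pattern matches nothing, and `echo >>` appends again on every re-run, so an automated kickstart can verify the resulting settings instead of trusting the exit codes. The helper names (`conf_value`, `conf_count`, `expect_value`, `set_once`) and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the last active (uncommented) value of "key = value" in a conf file.
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Count active lines that set a key; more than one means a duplicate append.
conf_count() {  # $1 = file, $2 = key
    grep -c "^[[:space:]]*$2[[:space:]]*=" "$1"
}

# Succeed only if the key's active value equals the expected string.
expect_value() {  # $1 = file, $2 = key, $3 = expected value
    actual=$(conf_value "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    echo "MISMATCH in $1: $2 is '$actual', expected '$3'" >&2
    return 1
}

# Append "key = value" only when the key is not already set.
set_once() {  # $1 = file, $2 = key, $3 = value
    if [ "$(conf_count "$1" "$2")" -eq 0 ]; then
        echo "$2 = $3" >> "$1"
    fi
}

demo() {
    f=$(mktemp)
    # Constructed sample: the stock line differs from what the sed pattern expects.
    printf '%s\n' '#protocols = imap pop3' > "$f"
    sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' "$f"
    expect_value "$f" protocols 'imap imaps' || echo "protocols edit did not apply"
    # Running the append step twice leaves a single mail_location line.
    set_once "$f" mail_location 'mbox:~/mail:INBOX=/var/mail/%u'
    set_once "$f" mail_location 'mbox:~/mail:INBOX=/var/mail/%u'
    echo "mail_location lines: $(conf_count "$f" mail_location)"
    rm -f "$f"
}

demo
```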



On 01/30/2012 01:46 PM, Dmitri Pal wrote:
> On 01/30/2012 07:16 AM, Dale Macartney wrote:
> >
>> Hi all
>>
>> I'm working on a test lab setup at the moment with RHEL 6.2 running IPA
>> 2.1 and experimenting with simple mail server setups.
>>
>> I have mail being received based on pam lookups from IPA. The mail server
>> is tapped into IPA via the ipa-client-install.
>>
>> I am using a default install of the dovecot rpm from RHN, and dovecot is
>> listening via imap/imaps, however all authentication requests fail when
>> attempting to login via imap.
>>
>> I added the necessary keytabs for imap/mail.example.com and
>> imaps/mail.example.com to /etc/krb5.keytab but this hasn't allowed
>> authentication.
>>
>> Has anyone set up dovecot through IPA before? Any recommendations?
>>
>>
> Hi Dale,
>
> Will you be so kind to share with the list a little bit more details
> about how to set up Dovecot with IPA? If you can provide step by step
> instructions we would publish them on the FreeIPA wiki.
>
> Thank you
> Dmitri
>
>
>> thanks all
>>
>> Dale
>>
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>