[Freeipa-users] Dovecot imap authentication with IPA/Kerberos

Dmitri Pal dpal at redhat.com
Mon Jan 30 17:02:17 UTC 2012


On 01/30/2012 11:42 AM, Dale Macartney wrote:
>
>
> Of course Dmitri
>
> Here you go. I was actually trying to resolve this for an automated
> kickstart process anyway. The details specific to dovecot are in the
> middle.
>
> # Connect server to IPA domain (ensure DNS is working correctly otherwise this step will fail)
> ipa-client-install -U -p admin -w mysecretpassword
>
> # install postfix if necessary (installed by default in rhel6)
> yum -y install postfix
>
> # set postfix to start on boot
> chkconfig postfix on
>
> # configure postfix with hostname, domain and origin details
> sed -i 's/#myhostname = host.domain.tld/myhostname = servername.example.com/g' /etc/postfix/main.cf
> sed -i 's/#mydomain = domain.tld/mydomain = example.com/g' /etc/postfix/main.cf
> sed -i 's/#myorigin = $mydomain/myorigin = $mydomain/g' /etc/postfix/main.cf
>
> # configure postfix to listen on all interfaces
> sed -i 's/#inet_interfaces = all/inet_interfaces = all/g' /etc/postfix/main.cf
> sed -i 's/inet_interfaces = localhost/#inet_interfaces = localhost/g' /etc/postfix/main.cf
>
> # apply postfix changes
> service postfix restart
>
> # Install dovecot
> yum -y install dovecot
>
> # set dovecot to start on boot
> chkconfig dovecot on
>
> # set dovecot to listen on imap and imaps only
> sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' /etc/dovecot/dovecot.conf
>
> # point dovecot to required mailbox directory (This is the section that was previously failing)
> echo "mail_location = mbox:~/mail:INBOX=/var/mail/%u" >> /etc/dovecot/dovecot.conf
>
> # reload dovecot to apply changes
> service dovecot restart
>
> # Apply working IPtables
> cat > /etc/sysconfig/iptables << EOF
> # Generated by iptables-save v1.4.7 on Tue Jan 10 12:17:41 2012
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [29:4596]
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Tue Jan 10 12:17:41 2012
> EOF
>
> With the above details, I am able to replicate a 100% working IPA
> authenticated mail server, allowing IPA users to retrieve mail via
> imap/imaps.
>
> I hope this helps.
>


A lot! Thanks!
http://freeipa.org/page/Dovecot_Integration

>
> Dale



-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

