[Freeipa-users] postfix ipa
Natxo Asenjo
natxo.asenjo at gmail.com
Fri Nov 29 10:27:36 UTC 2013
hi,
just came accross Erinn Looney-Triggs's excellent writeup on using
kerberos voor relaying e-mail
(https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/)
and have a question.
Would it not be possibly easier to just use the host's keytab
(/etc/krb5.keytab) instead of just deploying a new service principal
to every smtp client?
I ask this because I am in the point of deploying something similar
and would rather not need to have to deploy another set of keytabs
everywhere unless this is a security malpractice, of course.
TIA,
--
Groeten,
natxo
More information about the Freeipa-users
mailing list