[Freeipa-users] Introduction and question regarding SMTP/IMAP
Simo Sorce
simo at redhat.com
Wed Jun 25 15:25:00 UTC 2014
On Wed, 2014-06-25 at 09:52 -0500, Dave Gonzalez wrote:
> I don't know if the fact that the server is already enrolled as
> smtp/mail.domain.net make dovecot not request any ticket as
> imap/mail.domain.net as I don't see any entries for that system on
> the
> KDC log
Dovecot does not require any ticket, it's your clients that do, and you
showed me no logs of clients.
If you are configuring your client to talk to mail.domain.net, then you
*must* have a keys for imap/mail.domain.net on your IMAP server.
Keys for imap/mail01.example.net will be useless as the client won't be
looking for that ticket.
When a client is configured to talk to mail.domain.net it will ask the
KDC for a ticket for the principal named imap/mail.domain.net.
The client also may need to be told what KDC to contact for the
domain.net domain if it really is a different domain from your main one.
You used example.com and domain.net both, so unless it is a bad
substitution, it means you may want to check the documentation for
setting up a correct domain_realm section in your krb5.conf (note that
modern IPA clients that use SSSD do not need manual configuration as
long as you configure the domains list in the ipa server).
You can, of course, have multiple keys if you advertise your service
under multiple names to different clients.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list