0

I'm setting up a mail system using Postfix (OpenLDAP backend) and Cyrus-IMAP on Debian.

Goal: I'd love to go ahead with GSSAPI authentication. I've tested the whole setup on virtual machines on my laptop, and everything works.

Problem: I need mail server(s) running sooner than I have time to migrate a few hundreds of Windows machines. That means, the Windows users will have to use separate username/passwords for their e-mail accounts only. Which is ugly. Which I'd like to avoid.

Ideally, I'd need a behavior of GSSAPI-enabled sshd. If there's a valid ticket, it just lets you in, if there's none, it asks for a password. Is it possible to do a similar trick with Cyrus-IMAP? Or am I trying to both eat the cookie and to have it?

badbishop
  • 928
  • 4
  • 12
  • 21

1 Answers1

0

Can you use a REALM Trust and configure your DNS to have suitable REALM mappings?

84104
  • 12,905
  • 6
  • 45
  • 76
  • There's nothing to map, that's the whole point. There is no AD in place, everything has been managed on computer-by-computer basis (don't ask why). The AD is considered 'too expensive', so I have to figure out some _el cheapo_ solution based on Kerberos/GSSAPI/OpenLDAP/Samba stack, and the Samba part is missing at the moment... – badbishop Feb 03 '12 at 10:19