Single-Sign-On for IMAP (was: Re: [Kolab-devel] Kolab and FreeIPA article)
Jochen Hein
jochen at jochen.org
Fri Oct 5 22:52:19 CEST 2018
kvaps <kvapss at gmail.com> writes:
> OK, here is my article about Kolab and FreeIPA integration:
>
> https://medium.com/@kvapss/install-kolab-and-integrate-it-with-freeipa-c80c3b34b7b7
Here's what is needed to activate SSO with IMAP. Thunderbird works
fine. Feedback and comments are welcome - sasl config has been tricky.
# IMAP
ipa-getkeytab -p imap/jupiter.example.org at EXAMPLE.ORG -k /etc/cyrus.keytab
# keytab is only accessible for cyrus
chmod 600 /etc/cyrus.keytab
chown cyrus:root /etc/cyrus.keytab
# sieve
ipa-getkeytab -p sieve/jupiter.example.org at EXAMPLE.ORG -k /etc/sieve.keytab
# keytab is only accessible for cyrus
chmod 600 /etc/sieve.keytab
chown cyrus:root /etc/sieve.keytab
# That's what is needed in /etc/imapd.conf:
# sasl_mech_list: PLAIN LOGIN GSSAPI
# sasl_keytab: /etc/cyrus.keytab
# sasl_saslauthd_path: /var/run/saslauthd/mux
# sieve_sasl_keytab: /etc/sieve.keytab
# loginrealms: EXAMPLE.ORG
--
This space is intentionally left blank.
More information about the users
mailing list