Single-Sign-On for IMAP (was: Re: [Kolab-devel] Kolab and FreeIPA article)

Jochen Hein jochen at jochen.org
Fri Oct 5 22:52:19 CEST 2018


kvaps <kvapss at gmail.com> writes:

> OK, here is my article about Kolab and FreeIPA integration:
>
> https://medium.com/@kvapss/install-kolab-and-integrate-it-with-freeipa-c80c3b34b7b7

Here's what is needed to activate SSO with IMAP.  Thunderbird works
fine.  Feedback and comments are welcome - sasl config has been tricky.

# IMAP
ipa-getkeytab -p imap/jupiter.example.org@EXAMPLE.ORG -k /etc/cyrus.keytab
# keytab is only accessible for cyrus
chmod 600 /etc/cyrus.keytab
chown cyrus:root /etc/cyrus.keytab

# sieve
ipa-getkeytab -p sieve/jupiter.example.org@EXAMPLE.ORG -k /etc/sieve.keytab
# keytab is only accessible for cyrus
chmod 600 /etc/sieve.keytab
chown cyrus:root /etc/sieve.keytab

# That's what is needed in /etc/imapd.conf:
# sasl_mech_list: PLAIN LOGIN GSSAPI
# sasl_keytab: /etc/cyrus.keytab
# sasl_saslauthd_path: /var/run/saslauthd/mux
# sieve_sasl_keytab: /etc/sieve.keytab
# loginrealms: EXAMPLE.ORG

-- 
This space is intentionally left blank.
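
Added example, not part of the original post: a shell audit of the setup above. It checks that imapd.conf offers GSSAPI and that every keytab it names is owned by the expected user with no group/other access; the function names, the OWNER argument and the script name are assumptions.

```sh
#!/bin/sh
# Added example: audit the keytab and imapd.conf settings described in the post.
# Function names and the OWNER argument are assumptions of this sketch.

# Print a file's octal mode / owning user (GNU stat, BSD stat as fallback).
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# check_keytab FILE OWNER: succeed only if FILE exists, belongs to OWNER and
# grants no permission bits to group or others (600 or stricter).
check_keytab() {
    [ -f "$1" ] || { echo "missing keytab: $1"; return 1; }
    mode=$(file_mode "$1")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too permissive: $1 has mode $mode"; return 1
    fi
    owner=$(file_owner "$1")
    [ "$owner" = "$2" ] || { echo "wrong owner: $1 is owned by $owner"; return 1; }
}

# conf_value FILE KEY: print the value of the first uncommented "KEY: value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_imapd_conf FILE: succeed if GSSAPI is offered and sasl_keytab is set.
check_imapd_conf() {
    case " $(conf_value "$1" sasl_mech_list) " in
        *" GSSAPI "*) ;;
        *) echo "GSSAPI missing from sasl_mech_list"; return 1 ;;
    esac
    [ -n "$(conf_value "$1" sasl_keytab)" ] || { echo "sasl_keytab not set"; return 1; }
}

# audit_all CONF OWNER: check CONF, then every keytab it references.
audit_all() {
    rc=0
    check_imapd_conf "$1" || rc=1
    for key in sasl_keytab sieve_sasl_keytab; do
        kt_path=$(conf_value "$1" "$key")
        if [ -n "$kt_path" ]; then check_keytab "$kt_path" "$2" || rc=1; fi
    done
    return $rc
}

# Run as: sh audit.sh audit   (script name is an example; paths and owner from the post)
if [ "${1:-}" = "audit" ]; then audit_all /etc/imapd.conf cyrus; fi
```

Run it as root on the mail server; a non-zero exit status means at least one check failed and the reason is printed.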

