[CentOS] CentOS 7.1.1503 + Dovecot + IPA

Thu Sep 10 18:01:29 UTC 2015
Mike <mike at microdel.org>

On Thu, 10 Sep 2015, Kanwar Ranbir Sandhu wrote:

> On 2015-09-09 14:21, Mike wrote:
>>  Yep, I have it working. It's been almost 6 months since I set it up so
>>  don't recall many details other than it was NOT trivial :). Have only
>>  used alpine and thunderbird clients, both work fine.
> I wonder if that means Evolution is broken. In any case, could you tell me 
> the changes you made to 10-auth.conf and any other files for GSSAPI auth to 
> work? I would like to compare your setup to mine and to what I've read 
> online.
> Thanks!
> Ranbir

In looking at my notes I think it was LDAP integration that gave me the 
most headaches, GSSAPI was pretty straight forward.  In any case for 
GSSAPI/SSO I'm pretty sure this is what I used primarily (noting that it 
was written with RHEL 6.2 as a target): 

And I believe these are the primary changes that I made to the dovecot 

# diff ~/etc_dovecot_orig/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf
> disable_plaintext_auth = no
> auth_realms = ourdomain.com
> auth_default_realm = ourdomain.com
> auth_gssapi_hostname = mx01.ourdomain.com
> auth_krb5_keytab = /etc/dovecot/krb5.keytab
< auth_mechanisms = plain
> #auth_mechanisms = plain
> auth_mechanisms = gssapi cram-md5 plain login
< !include auth-system.conf.ext
> #!include auth-system.conf.ext
< #!include auth-ldap.conf.ext
> !include auth-ldap.conf.ext