On Thu, 10 Sep 2015, Kanwar Ranbir Sandhu wrote: > On 2015-09-09 14:21, Mike wrote: >> Yep, I have it working. It's been almost 6 months since I set it up so >> don't recall many details other than it was NOT trivial :). Have only >> used alpine and thunderbird clients, both work fine. > > I wonder if that means Evolution is broken. In any case, could you tell me > the changes you made to 10-auth.conf and any other files for GSSAPI auth to > work? I would like to compare your setup to mine and to what I've read > online. > > Thanks! > > Ranbir In looking at my notes I think it was LDAP integration that gave me the most headaches, GSSAPI was pretty straight forward. In any case for GSSAPI/SSO I'm pretty sure this is what I used primarily (noting that it was written with RHEL 6.2 as a target): http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On And I believe these are the primary changes that I made to the dovecot config. # diff ~/etc_dovecot_orig/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf 10a11 > disable_plaintext_auth = no 29a31 > auth_realms = ourdomain.com 33a36 > auth_default_realm = ourdomain.com 71a75 > auth_gssapi_hostname = mx01.ourdomain.com 76a81 > auth_krb5_keytab = /etc/dovecot/krb5.keytab 100c105,106 < auth_mechanisms = plain --- > #auth_mechanisms = plain > auth_mechanisms = gssapi cram-md5 plain login 122c128 < !include auth-system.conf.ext --- > #!include auth-system.conf.ext 124c130 < #!include auth-ldap.conf.ext --- > !include auth-ldap.conf.ext