Postfix smtp gssapi idm(IPA)

Latest response


I have Dovecot imap working receiving mail with gssapi and IPA authentication but also wish to have same level of security when sending mail through smtp.

Is it possible to get postfix to do that and if so, how?




To plug PostFix into alternative authentication mechanisms, look at the SASL authentication daemon/service (`saslauthd`). I've  used it to authenticate to LDAP and MySQL back-ends. There are also GSSAPI (and other) modules for it.

Thank you for the tip, i now have a working PostFix smtp server with GSSAPI and StartTLS that works with IPA users..

I used 'smtpd_sasl_type = dovecot' thus using Dovecot to help with the GSSAPI connection.



Ah: ended up emulating the old "POP before SMTP" authentication method.

If you ever have to split your POP/IMAP service onto a server separate from your SMTP (or even just SMTP-relay) service, you'll either have to re-investigate using saslauthd's native GSSAPI connector or putting in a connector-service to link your SMTP host to your POP/IMAP host. Though, that should really only be necessary on larger mail implementations.