GSSAPI against Microsoft AD

Dieter Kluenter dieter at dkluenter.de
Fri Jul 11 03:11:16 EDT 2008


Yves Dorfsman <yves at zioup.com> writes:

> Ken Hornstein wrote:
>>> I believe that Ken Hornstein says he did, but he said it was
>>> difficult  to build.
>> Be careful ... what I did say was that that I did (well, I helped a
>> co-worker)
>> build Cyrus-SASL under Windows, and it was a giant pain in the ass.  But
>> from what I can read of the original message, that's not what he was asking.
>> When I read the message again, I realize that I'm not sure what the
>> original poster is asking.
[...]
> This documentation
> http://svn.collab.net/repos/svn/trunk/notes/sasl.txt talks about a 56
> bytes limitation, and I wonder if this is the problem I am hitting
> here.
>
> I have contacted the author of this mail:
> http://linux.derkeiler.com/Mailing-Lists/RedHat/2005-09/0103.html
> which has all the same symptoms as I get, and he told me he still has
> not resolve it. A lot of people are telling me that it should work in
> theory, but I haven't got confirmation that anybody got it working
> ever.

I have done it and got it working (sasl gssapi) with a W2K server and
postfix, cyrus-imap and openldap on Linux. This all was based on the
Microsoft docs I cited in another mail. The only tricky point was to
create propper keytabs and copy those to the Linux boxes.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E


More information about the Cyrus-sasl mailing list