User Tools
сервер_dovecot
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
сервер_dovecot [2020/06/25 15:05] val [Аутентификация на основе пользовательских сертификатов] |
сервер_dovecot [2021/10/12 14:47] val [Настройка dovecot на использование GSSAPI] |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| - | === Без поддержки GSSAPI === | + | * [[https://help.ubuntu.com/community/Dovecot]] |
| - | [[https://help.ubuntu.com/community/Dovecot]] | ||
| <code> | <code> | ||
| root@server:~# apt install dovecot-imapd | root@server:~# apt install dovecot-imapd | ||
| - | |||
| - | root@server:~# cd /etc/dovecot/conf.d/ | ||
| </code> | </code> | ||
| - | === C поддержкой GSSAPI === | ||
| - | <code> | ||
| - | root@gate:~# apt install dovecot-imapd dovecot-gssapi | ||
| - | root@gate:~# cd /etc/dovecot/conf.d/ | ||
| - | </code> | ||
| - | ==== FreeBSD ==== | ||
| - | === Без поддержки GSSAPI === | ||
| - | <code> | ||
| - | [server:~] # pkg install dovecot | ||
| - | </code> | ||
| - | |||
| - | === C поддержкой GSSAPI === | ||
| - | <code> | ||
| - | [gate:~] # cd /usr/ports/mail/dovecot2 | ||
| - | [gate:ports/mail/dovecot2] # make config | ||
| - | [gate:ports/mail/dovecot2] make showconfig | grep '=on' | ||
| - | </code><code> | ||
| - | DOCS=on: Build and/or install documentation | ||
| - | EXAMPLES=on: Build and/or install examples | ||
| - | KQUEUE=on: kqueue(2) support | ||
| - | GSSAPI_BASE=on: Use GSSAPI from base | ||
| - | </code><code> | ||
| - | [gate:ports/mail/dovecot2] # make install clean | ||
| - | </code> | ||
| - | |||
| - | === Подготовка к запуску === | ||
| - | <code> | ||
| - | [gate:~] # cat /etc/rc.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | dovecot_enable=yes | ||
| - | </code><code> | ||
| - | [gate:~] # cp -R /usr/local/etc/dovecot/example-config/ /usr/local/etc/dovecot/ | ||
| - | |||
| - | [gate:~] # cd /usr/local/etc/dovecot/conf.d/ | ||
| - | </code> | ||
| ===== Настройка с использованием стандартных mailboxes и аутентификации открытым текстом ===== | ===== Настройка с использованием стандартных mailboxes и аутентификации открытым текстом ===== | ||
| - | + | !!! Можно не делать, если удастся "уговорить" Thunderbird использовать самоподписанные сертификаты (не удалось под Linux) | |
| <code> | <code> | ||
| - | server# cat 10-auth.conf | + | server# cat /etc/dovecot/conf.d/10-auth.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 72: | Line 32: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat 10-ssl.conf | + | server# cat /etc/dovecot/conf.d/10-ssl.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| ssl = no | ssl = no | ||
| - | ... | ||
| - | #ssl_cert = ... | ||
| - | #ssl_key = ... | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat 10-mail.conf | + | server# less /etc/dovecot/conf.d/10-mail.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 104: | Line 61: | ||
| ===== Kerberos GSSAPI аутентификация ===== | ===== Kerberos GSSAPI аутентификация ===== | ||
| + | <code> | ||
| + | # apt install dovecot-imapd dovecot-gssapi | ||
| + | </code> | ||
| ==== Создаем ключи сервиса и копируем иx на сервер ==== | ==== Создаем ключи сервиса и копируем иx на сервер ==== | ||
| Line 151: | Line 111: | ||
| kadmin.local: exit | kadmin.local: exit | ||
| + | </code> | ||
| + | |||
| + | === Samba4 === | ||
| + | <code> | ||
| + | server# samba-tool user create gatemail | ||
| + | |||
| + | server# samba-tool user setexpiry gatemail --noexpiry | ||
| + | |||
| + | server# samba-tool spn add imap/gate.corpX.un gatemail | ||
| + | server# samba-tool spn add smtp/gate.corpX.un gatemail | ||
| + | |||
| + | server# samba-tool spn list gatemail | ||
| + | |||
| + | server# samba-tool domain exportkeytab gateimap.keytab --principal=imap/gate.corpX.un | ||
| + | server# samba-tool domain exportkeytab gatesmtp.keytab --principal=smtp/gate.corpX.un | ||
| </code> | </code> | ||
| Line 181: | Line 156: | ||
| <code> | <code> | ||
| - | # cat 10-auth.conf | + | # cat /etc/dovecot/conf.d/10-auth.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| + | #периодически нужно :) | ||
| auth_gssapi_hostname = "$ALL" | auth_gssapi_hostname = "$ALL" | ||
| ... | ... | ||
| - | auth_mechanisms = gssapi | + | auth_mechanisms = gssapi plain |
| ... | ... | ||
| - | </code> | + | </code><code> |
| + | debian10_11# chmod +r /etc/krb5.keytab | ||
| - | ==== Настройка клиента Thunderbird на использование GSSAPI ==== | ||
| - | <code> | ||
| gate# mail user1 | gate# mail user1 | ||
| </code> | </code> | ||
| - | Email адрес: user1@gate.corpX.un | + | * Thunderbird - [[Thunderbird#Настройка на использование GSSAPI]] |
| - | При первом запуске Thunderbird отмените получение почты с указанием пароля | ||
| - | Откройте свойства папки user1@gate.corpX.un -> Параметры сервера->Использовать аутентификацию GSSAPI | ||
| ===== Аутентификация для postfix ===== | ===== Аутентификация для postfix ===== | ||
| Line 214: | Line 187: | ||
| ... | ... | ||
| </code> | </code> | ||
| - | |||
| - | ===== NTLM аутентификация и авторизация ===== | ||
| - | |||
| - | * [[Сервис WINBIND#Регистрация unix системы в домене в режиме DOMAIN]] | ||
| - | * [[Сервис WINBIND#Авторизация в режиме DOMAIN]] | ||
| - | |||
| - | ==== Настройка dovecot на использование NTLM ==== | ||
| - | <code> | ||
| - | # cat 10-auth.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | auth_use_winbind = yes | ||
| - | ... | ||
| - | #auth_winbind_helper_path = /usr/bin/ntlm_auth #For Linux | ||
| - | #auth_winbind_helper_path = /usr/local/bin/ntlm_auth #For FreeBSD | ||
| - | ... | ||
| - | auth_mechanisms = ntlm | ||
| - | ... | ||
| - | </code><code> | ||
| - | # chown root:dovecot /var/run/samba/winbindd_privileged/ #For Linux | ||
| - | |||
| - | # chown root:dovecot /var/db/samba34/winbindd_privileged/ #For FreeBSD | ||
| - | # chown root:dovecot /var/db/samba/winbindd_privileged/ #For FreeBSD | ||
| - | </code> | ||
| - | |||
| - | ==== Настройка клиента Outlook Express на использование NTLM ==== | ||
| - | ... | ||
| - | Использовать безопасную проверку пароля (SPA) | ||
| - | ... | ||
| ===== Использование сертификатов для шифрования трафика ===== | ===== Использование сертификатов для шифрования трафика ===== | ||
| Line 250: | Line 194: | ||
| ==== Debian/Ubuntu/FreeBSD ==== | ==== Debian/Ubuntu/FreeBSD ==== | ||
| <code> | <code> | ||
| - | server# cat 10-auth.conf | + | server# cat /etc/dovecot/conf.d/10-auth.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 256: | Line 200: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat 10-ssl.conf | + | server# cat /etc/dovecot/conf.d/10-ssl.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 318: | Line 262: | ||
| ... | ... | ||
| </code> | </code> | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| + | |||
| + | === Без поддержки GSSAPI === | ||
| + | <code> | ||
| + | [server:~] # pkg install dovecot | ||
| + | </code> | ||
| + | |||
| + | === C поддержкой GSSAPI === | ||
| + | <code> | ||
| + | [gate:~] # cd /usr/ports/mail/dovecot2 | ||
| + | [gate:ports/mail/dovecot2] # make config | ||
| + | [gate:ports/mail/dovecot2] make showconfig | grep '=on' | ||
| + | </code><code> | ||
| + | DOCS=on: Build and/or install documentation | ||
| + | EXAMPLES=on: Build and/or install examples | ||
| + | KQUEUE=on: kqueue(2) support | ||
| + | GSSAPI_BASE=on: Use GSSAPI from base | ||
| + | </code><code> | ||
| + | [gate:ports/mail/dovecot2] # make install clean | ||
| + | </code> | ||
| + | |||
| + | === Подготовка к запуску === | ||
| + | <code> | ||
| + | [gate:~] # cat /etc/rc.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | dovecot_enable=yes | ||
| + | </code><code> | ||
| + | [gate:~] # cp -R /usr/local/etc/dovecot/example-config/ /usr/local/etc/dovecot/ | ||
| + | |||
| + | [gate:~] # cd /usr/local/etc/dovecot/conf.d/ | ||
| + | </code> | ||
| + | |||
| + | ==== NTLM аутентификация и авторизация ==== | ||
| + | |||
| + | * [[Сервис WINBIND#Регистрация unix системы в домене в режиме DOMAIN]] | ||
| + | * [[Сервис WINBIND#Авторизация в режиме DOMAIN]] | ||
| + | |||
| + | === Настройка dovecot на использование NTLM === | ||
| + | <code> | ||
| + | # cat 10-auth.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | auth_use_winbind = yes | ||
| + | ... | ||
| + | #auth_winbind_helper_path = /usr/bin/ntlm_auth #For Linux | ||
| + | #auth_winbind_helper_path = /usr/local/bin/ntlm_auth #For FreeBSD | ||
| + | ... | ||
| + | auth_mechanisms = ntlm | ||
| + | ... | ||
| + | </code><code> | ||
| + | # chown root:dovecot /var/run/samba/winbindd_privileged/ #For Linux | ||
| + | |||
| + | # chown root:dovecot /var/db/samba34/winbindd_privileged/ #For FreeBSD | ||
| + | # chown root:dovecot /var/db/samba/winbindd_privileged/ #For FreeBSD | ||
| + | </code> | ||
| + | |||
| + | === Настройка клиента Outlook Express на использование NTLM === | ||
| + | ... | ||
| + | Использовать безопасную проверку пароля (SPA) | ||
| + | ... | ||
сервер_dovecot.txt · Last modified: 2024/05/01 09:42 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
