сервер_dovecot [2021/03/10 12:13] val [Создаем ключи сервиса и копируем иx на сервер] |
сервер_dovecot [2021/10/14 09:51] val [Копируем ключи в системный keytab] |
||
---|---|---|---|
Line 11: | Line 11: | ||
==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
- | === Без поддержки GSSAPI === | + | * [[https://help.ubuntu.com/community/Dovecot]] |
- | [[https://help.ubuntu.com/community/Dovecot]] | ||
<code> | <code> | ||
root@server:~# apt install dovecot-imapd | root@server:~# apt install dovecot-imapd | ||
</code> | </code> | ||
- | === C поддержкой GSSAPI === | + | |
- | <code> | + | |
- | root@gate:~# apt install dovecot-imapd dovecot-gssapi | + | |
- | </code> | + | |
Line 40: | Line 36: | ||
... | ... | ||
ssl = no | ssl = no | ||
- | ... | ||
- | #ssl_cert = ... | ||
- | #ssl_key = ... | ||
... | ... | ||
</code><code> | </code><code> | ||
Line 68: | Line 61: | ||
===== Kerberos GSSAPI аутентификация ===== | ===== Kerberos GSSAPI аутентификация ===== | ||
+ | <code> | ||
+ | # apt install dovecot-imapd dovecot-gssapi | ||
+ | </code> | ||
==== Создаем ключи сервиса и копируем иx на сервер ==== | ==== Создаем ключи сервиса и копируем иx на сервер ==== | ||
Line 76: | Line 72: | ||
Добавляем пользователя в AD | Добавляем пользователя в AD | ||
<code> | <code> | ||
+ | Login: gatesmtp | ||
Login: gateimap | Login: gateimap | ||
Password: Pa$$w0rd | Password: Pa$$w0rd | ||
Line 86: | Line 83: | ||
<code> | <code> | ||
C:\>ktpass -princ imap/gate.corpX.un@CORPX.UN -mapuser gateimap -pass 'Pa$$w0rd' -out gateimap.keytab | C:\>ktpass -princ imap/gate.corpX.un@CORPX.UN -mapuser gateimap -pass 'Pa$$w0rd' -out gateimap.keytab | ||
+ | |||
+ | C:\>ktpass -princ smtp/gate.corpX.un@CORPX.UN -mapuser gatesmtp -pass 'Pa$$w0rd' -out gatesmtp.keytab | ||
</code> | </code> | ||
Line 91: | Line 90: | ||
<code> | <code> | ||
C:\>pscp gateimap.keytab root@gate: | C:\>pscp gateimap.keytab root@gate: | ||
+ | |||
+ | C:\>pscp gatesmtp.keytab root@gate: | ||
</code> | </code> | ||
Line 114: | Line 115: | ||
kadmin.local: ktadd -k gateimap.keytab imap/gate.CORPX.UN | kadmin.local: ktadd -k gateimap.keytab imap/gate.CORPX.UN | ||
+ | kadmin.local: addprinc -randkey smtp/gate.corpX.un | ||
+ | kadmin.local: addprinc -e rc4-hmac:normal -randkey smtp/gate.CORPX.UN | ||
+ | |||
+ | kadmin.local: ktadd -k gatesmtp.keytab smtp/gate.corpX.un | ||
+ | kadmin.local: ktadd -k gatesmtp.keytab smtp/gate.CORPX.UN | ||
kadmin.local: exit | kadmin.local: exit | ||
</code> | </code> | ||
Line 135: | Line 141: | ||
<code> | <code> | ||
server# scp gateimap.keytab gate: | server# scp gateimap.keytab gate: | ||
+ | |||
+ | server# scp gatesmtp.keytab gate: | ||
</code> | </code> | ||
Line 150: | Line 158: | ||
root@gate:~# ktutil | root@gate:~# ktutil | ||
ktutil: rkt /root/gateimap.keytab | ktutil: rkt /root/gateimap.keytab | ||
+ | ktutil: rkt /root/gatesmtp.keytab | ||
ktutil: wkt /etc/krb5.keytab | ktutil: wkt /etc/krb5.keytab | ||
ktutil: quit | ktutil: quit | ||
Line 163: | Line 172: | ||
</code><code> | </code><code> | ||
... | ... | ||
- | #однажды понадобилось) | + | #периодически нужно :) |
- | #auth_gssapi_hostname = "$ALL" | + | auth_gssapi_hostname = "$ALL" |
... | ... | ||
- | auth_mechanisms = gssapi | + | auth_mechanisms = gssapi plain |
... | ... | ||
</code><code> | </code><code> | ||
- | debian10# chmod +r /etc/krb5.keytab | + | debian10_11# chmod +r /etc/krb5.keytab |
gate# mail user1 | gate# mail user1 |
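Review bot: `chmod +r /etc/krb5.keytab` in the last hunk leaves the system keytab world-readable, and with the `rkt /root/gatesmtp.keytab` step this revision adds, it now holds the smtp/ keys as well as the imap/ ones, so any local account on gate can read both service keys. Restrict it to the account the Dovecot auth process runs as instead, for example `chown root:<dovecot-auth-group> /etc/krb5.keytab; chmod 640 /etc/krb5.keytab` (the group name is a placeholder), or write a separate keytab and point `auth_krb5_keytab` at it. The same hunk changes `auth_mechanisms` to `gssapi plain` while the page's example still has `ssl = no` and this revision drops the commented `ssl_cert`/`ssl_key` lines; if plaintext auth is permitted on that listener, passwords travel unencrypted, so the page should say that `plain` needs TLS enabled first. The copies left in /root (`gateimap.keytab`, `gatesmtp.keytab`) should be deleted after the `wkt` step.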