This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервер_dovecot [2021/10/12 14:17] val [Kerberos GSSAPI аутентификация] |
сервер_dovecot [2021/10/14 09:47] val [Создаем ключи сервиса и копируем иx на сервер] |
||
---|---|---|---|
Line 72: | Line 72: | ||
Добавляем пользователя в AD | Добавляем пользователя в AD | ||
<code> | <code> | ||
+ | Login: gatesmtp | ||
Login: gateimap | Login: gateimap | ||
Password: Pa$$w0rd | Password: Pa$$w0rd | ||
Line 82: | Line 83: | ||
<code> | <code> | ||
C:\>ktpass -princ imap/gate.corpX.un@CORPX.UN -mapuser gateimap -pass 'Pa$$w0rd' -out gateimap.keytab | C:\>ktpass -princ imap/gate.corpX.un@CORPX.UN -mapuser gateimap -pass 'Pa$$w0rd' -out gateimap.keytab | ||
+ | |||
+ | C:\>ktpass -princ smtp/gate.corpX.un@CORPX.UN -mapuser gatesmtp -pass 'Pa$$w0rd' -out gatesmtp.keytab | ||
</code> | </code> | ||
Line 87: | Line 90: | ||
<code> | <code> | ||
C:\>pscp gateimap.keytab root@gate: | C:\>pscp gateimap.keytab root@gate: | ||
+ | |||
+ | C:\>pscp gatesmtp.keytab root@gate: | ||
</code> | </code> | ||
Line 110: | Line 115: | ||
kadmin.local: ktadd -k gateimap.keytab imap/gate.CORPX.UN | kadmin.local: ktadd -k gateimap.keytab imap/gate.CORPX.UN | ||
+ | kadmin.local: addprinc -randkey smtp/gate.corpX.un | ||
+ | kadmin.local: addprinc -e rc4-hmac:normal -randkey smtp/gate.CORPX.UN | ||
+ | |||
+ | kadmin.local: ktadd -k gatesmtp.keytab smtp/gate.corpX.un | ||
+ | kadmin.local: ktadd -k gatesmtp.keytab smtp/gate.CORPX.UN | ||
kadmin.local: exit | kadmin.local: exit | ||
</code> | </code> | ||
Line 131: | Line 141: | ||
<code> | <code> | ||
server# scp gateimap.keytab gate: | server# scp gateimap.keytab gate: | ||
+ | |||
+ | server# scp gatesmtp.keytab gate: | ||
</code> | </code> | ||
Line 159: | Line 171: | ||
</code><code> | </code><code> | ||
... | ... | ||
- | #однажды понадобилось) | + | #периодически нужно :) |
- | #auth_gssapi_hostname = "$ALL" | + | auth_gssapi_hostname = "$ALL" |
... | ... | ||
auth_mechanisms = gssapi plain | auth_mechanisms = gssapi plain | ||
... | ... | ||
</code><code> | </code><code> | ||
- | debian10# chmod +r /etc/krb5.keytab | + | debian10_11# chmod +r /etc/krb5.keytab |
gate# mail user1 | gate# mail user1 |