sysadmin/linux/howto-sendmail_tls-imap_sasl-ldap-kerberosV.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sendmail + TLS + Cyrus IMAP/SASL + LDAP + Kerberos V HowTo</title>
<link rel="stylesheet" href="http://netfrag.org/horde/css.php?app=chora" type="text/css" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="block" valign="middle">
<big><strong><span class="block">&nbsp;Sendmail + TLS + Cyrus IMAP/SASL + LDAP + Kerberos V HowTo</span></strong></big>
</td></tr>
</table>

<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->

<ul>

        <ul>

                <li><a href="#sendmail_tls_+_cyrus_imap/sasl_+_ldap_+_amavis_+_kerberos_v_howto">Sendmail  TLS + Cyrus IMAP/SASL + LDAP + AMaViS + Kerberos V HowTo</a></li>
                <ul>

                        <li><a href="#description">Description</a></li>
                        <li><a href="#prerequisites">Prerequisites</a></li>
                        <li><a href="#amavis">AMaViS</a></li>
                        <ul>

                                <li><a href="#install">install</a></li>
                                <li><a href="#configure_&_start_amavisd">configure &amp; start amavisd</a></li>
                        </ul>

                        <li><a href="#install_sendmail">Install Sendmail</a></li>
                        <ul>

                                <li><a href="#debian">debian</a></li>
                                <li><a href="#other_systems">other systems</a></li>
                        </ul>

                        <li><a href="#configure_sendmail">Configure Sendmail</a></li>
                        <ul>

                                <li><a href="#general_sendmail.mc_configurations:">general sendmail.mc configurations:</a></li>
                        </ul>

                        <li><a href="#configure_sendmail_+_sasl_v1">Configure Sendmail  + SASL v1</a></li>
                        <ul>

                                <li><a href="#debian">debian</a></li>
                                <li><a href="#sendmail.mc_configurations(not_needed_at_debian)">sendmail.mc configurations(not needed at debian)</a></li>
                        </ul>

                        <li><a href="#configure_sendmail_+_cyrus_imap_v1">Configure Sendmail + Cyrus IMAP v1</a></li>
                        <ul>

                                <li><a href="#sendmail.mc_configurations">sendmail.mc configurations</a></li>
                        </ul>

                        <li><a href="#configure_sendmail_+_tls">Configure Sendmail  + TLS</a></li>
                        <ul>

                                <li><a href="#debian">debian</a></li>
                                <li><a href="#other_systems">other systems</a></li>
                                <li><a href="#sendmail.mc_configurations(not_needed_at_debian)">sendmail.mc configurations(not needed at debian)</a></li>
                        </ul>

                        <li><a href="#pam_+_ldap_+_mit_kerberos_v">PAM + LDAP + MIT Kerberos V</a></li>
                        <ul>

                                <li><a href="#authentication/authorizisation_via_pam_ldap">Authentication/Authorizisation via pam_ldap</a></li>
                                <li><a href="#authentication_via_mit_kerberos_v__gssapi_and_pam_krb5">Authentication via MIT Kerberos V - gssapi and pam_krb5</a></li>
                                <ul>

                                        <li><a href="#some_note_on_mit_kerberos_v">Some note on MIT Kerberos V</a></li>
                                        <li><a href="#pam_krb5">pam_krb5</a></li>
                                </ul>

                                <li><a href="#sendmail.mc_configurations">sendmail.mc configurations</a></li>
                                <li><a href="#query_'aliases'_against_ldap">query 'aliases' against ldap</a></li>
                                <li><a href="#query_map_definitions_(e.g._virtusertable,_mailertable,_access_db,_etc.)_against_ldap">query map definitions (e.g. virtusertable, mailertable, access_db, etc.) against ldap</a></li>
                        </ul>

                        <li><a href="#configure_sendmail_milter_+_amavis">Configure Sendmail Milter + AMaViS</a></li>
                        <ul>

                                <li><a href="#sendmail.mc_configurations">sendmail.mc configurations</a></li>
                        </ul>

                        <li><a href="#resources">Resources</a></li>
                        <li><a href="#todo">ToDo</a></li>
                </ul>

        </ul>

</ul>
<!-- INDEX END -->

<hr />
<p>
</p>
<h2><a name="sendmail_tls_+_cyrus_imap/sasl_+_ldap_+_amavis_+_kerberos_v_howto">Sendmail  TLS + Cyrus IMAP/SASL + LDAP + AMaViS + Kerberos V HowTo</a></h2>
<p>Sebastian Utz    <a&nbsp;href="mailto:seut@netfrag.org">seut@netfrag.org</a></p>
<p><strong>last changes</strong></p>
<pre>
  Revision 1.1  2003/01/27 09:11:05  jonen
    + create new</pre>
<p>
</p>
<h3><a name="description">Description</a></h3>
<p>Install and configure Sendmail with TLS, Cyrus IMAP/SASL, LDAP, and Kerberos V support</p>
<p>The installation instructions described here are mainly debian only.
For detailed installation instructions take a look at <a href="#resources">Resources</a>,
e.g. the ``OpenLDAP, OpenSSL, SASL and KerberosV HOWTO'' from Turbo Fredriksson explains a lot (great stuff!)...</p>
<p>
</p>
<h3><a name="prerequisites">Prerequisites</a></h3>
<pre>
  To use all described features to sendmail the following have to be installed:
    
    - Cyrus SASL v1          <a href="http://asg.web.cmu.edu/cyrus/sasl/">http://asg.web.cmu.edu/cyrus/sasl/</a>
    - Cyrus IMAP v1          <a href="http://asg.web.cmu.edu/cyrus/sasl/">http://asg.web.cmu.edu/cyrus/sasl/</a>
    - OpenLDAP 2             <a href="http://www.openldap.org/">http://www.openldap.org/</a>
    - AMaViS (Milter)          <a href="http://www.amavis.org/">http://www.amavis.org/</a>
    - MIT Kerberos V          <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>
    - OpenSSL                   <a href="http://www.openssl.org/">http://www.openssl.org/</a></pre>
<p>
</p>
<h3><a name="amavis">AMaViS</a></h3>
<p>
</p>
<h4><a name="install">install</a></h4>
<pre>
  debian testing/unstable:
    
    - apt-get install amavis-milter</pre>
<pre>
  debian woody/stable:</pre>
<pre>
    - dowload latest amavis-milter_*.deb which could found at
        <a href="http://packages.debian.org/testing/mail/amavis-milter.html">http://packages.debian.org/testing/mail/amavis-milter.html</a></pre>
<pre>
    - dpkg -i amavis-milter_*.deb</pre>
<pre>
  other systems</pre>
<pre>
    sorry but I'm using Debian, for install instructions on other distributions look at 'Resource' section and always google.
    
    will try write some docu here soon, too....</pre>
<p>
</p>
<h4><a name="configure_&_start_amavisd">configure &amp; start amavisd</a></h4>
<pre>
    - edit /etc/amavid.conf to configure your local settings e.g. your used anti-virus scanner</pre>
<pre>
    - start amavid with:  /etc/init.d/amavid start
    
    note: you should always start amavid *before* sendmail as the amavis docu explained...</pre>
<p>
</p>
<h3><a name="install_sendmail">Install Sendmail</a></h3>
<p>
</p>
<h4><a name="debian">debian</a></h4>
<pre>

    - apt-get install sendmail</pre>
<p>if software described at <a href="#prerequisites">Prerequisites</a> isn't installed yet, look at 
</p>
<pre>

      -  <a href="http://www.netfrag.org/~jonen/computing/install_cyrus_sasl_v1.html">http://www.netfrag.org/~jonen/computing/install_cyrus_sasl_v1.html</a>
      -  <a href="http://www.netfrag.org/~jonen/computing/mini-howto-cyrus_imapd_v1-pam-kerberosV.html">http://www.netfrag.org/~jonen/computing/mini-howto-cyrus_imapd_v1-pam-kerberosV.html</a>
      -  others comming soon.....</pre>
<pre>
    after installing required packages, run 
    
      - sendmail config
   
   or some more specifing scripts under '/usr/share/sendmail/' (e.g. /usr/share/update_auth to update SASL support)
   and follow the instructions printed, e.g. for updating TLS support:
   
      - run: /usr/share/sendmail/update_tls
      - insert at sendmail.mc
        - debian stable/testing:    include(`/etc/mail/starttls.m4')dnl
        - debian unstable:    include(`/etc/mail/tls/starttls.m4')dnl
      - cd /etc/mail
      - run: make
      - restart sendmail: /etc/init.d/sendmail restart</pre>
<pre>
      - test supported features:
        - telnet localhost 25
        - enter: ehlo &lt;servername&gt;
        - should do some output like:
        
        250-mail.netfrag.org Hello localhost [127.0.0.1], pleased to meet you
        250-ENHANCEDSTATUSCODES
        250-PIPELINING
        250-EXPN
        250-VERB
        250-8BITMIME
        250-SIZE
        250-DSN
        250-ETRN
        250-AUTH GSSAPI CRAM-MD5 PLAIN LOGIN
        250-STARTTLS
        250-DELIVERBY
        250 HELP</pre>
<pre>
      the 'AUTH GSSAPI CRAM-MD5 PLAIN LOGIN' and 'STARTTLS' is most important to us cause this means,
      gssapi, digestmd5 and plain authentication is supported and also TLS is enabled.</pre>
<p></p>
<p>
</p>
<h4><a name="other_systems">other systems</a></h4>
<pre>
    sorry but I'm using Debian, for install instructions on other distributions look at 'Resource' section and always google.
    
    will try write some docu here soon, too....</pre>
<p>
</p>
<h3><a name="configure_sendmail">Configure Sendmail</a></h3>
<p>
</p>
<h4><a name="general_sendmail.mc_configurations:">general sendmail.mc configurations:</a></h4>
<pre>
      comming soon....</pre>
<p>
</p>
<h3><a name="configure_sendmail_+_sasl_v1">Configure Sendmail  + SASL v1</a></h3>
<p>
</p>
<h4><a name="debian">debian</a></h4>
<pre>
    - run /usr/share/sendmail/update_auth</pre>
<p>
</p>
<h4><a name="sendmail.mc_configurations(not_needed_at_debian)">sendmail.mc configurations(not needed at debian)</a></h4>
<pre>
      TRUST_AUTH_MECH(`GSSAPI PLAIN LOGIN')dnl
      define(`confAUTH_MECHANISMS', `GSSAPI PLAIN LOGIN')dnl</pre>
<p>
</p>
<h3><a name="configure_sendmail_+_cyrus_imap_v1">Configure Sendmail + Cyrus IMAP v1</a></h3>
<p>
</p>
<h4><a name="sendmail.mc_configurations">sendmail.mc configurations</a></h4>
<pre>
    dnl # Cyrus Imap
    dnl #
    define(`confLOCAL_MAILER', `cyrus')
    define(`CYRUS_MAILER_FLAGS', `A5@/:|')dnl
    define(`CYRUS_MAILER_PATH', `/usr/sbin/cyrdeliver')dnl
    define(`CYRUS_MAILER_ARGS', `cyrdeliver -e -q -m $h -- $u ')dnl
    define(`CYRUS_MAILER_USER', `cyrus:mail')dnl
    define(`CYRUS_BB_MAILER_FLAGS', `')dnl
    define(`CYRUS_BB_MAILER_ARGS', `cyrdeliver -e -q -m $u ')dnl
    dnl #
    MAILER(cyrus)dnl</pre>
<pre>
    LOCAL_CONFIG
    ## Custom configurations below (will be preserved)
    LOCAL_RULE_0
    R$=I                            $: $#cyrus $: $1
    R$=I &lt; @ $=w . &gt;                $: $#cyrus $: $1
    R$=I &lt; @ $=R . &gt;                $: $#cyrus $: $1
    Rbb + $+ &lt; @ $=w . &gt;            $#cyrusbb $: $1</pre>
<p>
</p>
<h3><a name="configure_sendmail_+_tls">Configure Sendmail  + TLS</a></h3>
<p>
</p>
<h4><a name="debian">debian</a></h4>
<pre>
      - run /usr/share/sendmail/update_tls &amp; place 'include(`/etc/mail/starttls.m4')dnl' at sendmail.mc
      - make &amp; restart sendmail
      - see &quot;Install Sendmail&quot; for details...</pre>
<p>
</p>
<h4><a name="other_systems">other systems</a></h4>
<pre>
      comming soon......</pre>
<p></p>
<p>
</p>
<h4><a name="sendmail.mc_configurations(not_needed_at_debian)">sendmail.mc configurations(not needed at debian)</a></h4>
<pre>
      TRUST_AUTH_MECH(`GSSAPI PLAIN LOGIN')dnl
      define(`confAUTH_MECHANISMS', `GSSAPI PLAIN LOGIN')dnl</pre>
<p>
</p>
<h3><a name="pam_+_ldap_+_mit_kerberos_v">PAM + LDAP + MIT Kerberos V</a></h3>
<p>
</p>
<h4><a name="authentication/authorizisation_via_pam_ldap">Authentication/Authorizisation via pam_ldap</a></h4>
<pre>
     - edit /etc/pam.d/smtp as follow:</pre>
<pre>
        auth         reqired      pam_ldap.so
        account    required    pam_ldap.so</pre>
<p>
</p>
<h4><a name="authentication_via_mit_kerberos_v__gssapi_and_pam_krb5">Authentication via MIT Kerberos V - gssapi and pam_krb5</a></h4>
<p>
</p>
<h5><a name="some_note_on_mit_kerberos_v">Some note on MIT Kerberos V</a></h5>
<pre>
      If SASL is compiled with 'gssapi' support, sendmail would support KerberosV/gssapi Authentication,
      but as I can't found any documentation about kerberosV support at up-to-date mail-clients (Evolution does kerberos4, but no gssapi... ;-(  ),
      i'm using pam_krb5 with a lots of drawbacks against real gssapi!</pre>
<pre>
      Short quote from Kerberos V5 Installation Guide (<a href="http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.7/doc/install.html#SEC3">http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.7/doc/install.html#SEC3</a>):
        
          &quot;Under Kerberos, a client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC).
          The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, 
          and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password.
          If the client successfully decrypts the TGT (i.e., if the client gave the correct password), it keeps the decrypted TGT, 
          which indicates proof of the client's identity.&quot;</pre>
<pre>
      As you read, no passwords would go over the network, so security would be much improved!</pre>
<p>
</p>
<h5><a name="pam_krb5">pam_krb5</a></h5>
<pre>
      If pam_krb5 is used, PAM will request a 'faked' ticket for the deamons which you want authenticate on.
      Also only PLAIN passwords are supported, which means, PLAIN passwords will go over your network
      what would be very unsecure!
      But if we are using TLS (which is always a good idea), passwords will go through a Secure Transport Layer
      which encrypts the whole connection, so pam_krb5 over TLS would be ok for now....
        
      - edit /etc/pam.d/smtp as follow:</pre>
<pre>
          auth         required   pam_krb5.so
          account    required   pam_ldap.so</pre>
<p>
</p>
<h4><a name="sendmail.mc_configurations">sendmail.mc configurations</a></h4>
<pre>
     - read <a href="http://www.sendmail.org/m4/ldap_routing.html">http://www.sendmail.org/m4/ldap_routing.html</a> !!
     - i added an 'sendmail' user to ldap like followed which allows sendmail to query request:</pre>
<pre>
        uid=sendmail,ou=People,dc=netfrag,c=org
        objectClass: top
        objectClass: account
        objectClass: possixAccount
        uid: sendmail
        cn: sendmail account
        uidNumber: 25
        gidNumber: 25
        homeDirectory: /etc/mail
        userPassword::
        
     
     - set default bind DN after ' -b'
     - set sendmail user, used for query requests after '-d'
     - other option, but still not tested/needed (kerberos5/gssapi supported ?)
     
        -m &lt;authentication mechanism&gt;  (none | simple | krb4)
        -P &lt;passinfo&gt;                             (/path/to/passwd_containing_file | /path/to/krb4_ticket)</pre>
<pre>
    
      dnl  #  define LDAP server used for routing
      define(`confLDAP_DEFAULT_SPEC',`-h ldap.netfrag.org -b ou=Mail,dc=netfrag,dc=org -d uid=sendmail,ou=People,dc=netfrag,dc=org')dnl
      
      dnl  #  define path to file which includes routeabled domains
      LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldapdomains')dnl
      
      dnl  # switch ldap routing on
      FEATURE(ldap_routing)dnl</pre>
<pre>
    - example '/etc/mail/ldapdomains':
    
        netfrag.org
        example.com
        your-domain.com</pre>
<p>
</p>
<h4><a name="query_'aliases'_against_ldap">query 'aliases' against ldap</a></h4>
<pre>
      - To use the default schema, simply use(at sendmail.mc):</pre>
<pre>
        define(`ALIAS_FILE', `ldap:')</pre>
<pre>
      - By doing so, you will use the default schema which expands to a map declared as follows:</pre>
<pre>
        ldap -k (&amp;(objectClass=sendmailMTAAliasObject)
        (sendmailMTAAliasGrouping=aliases)
        (|(sendmailMTACluster=${sendmailMTACluster})
        (sendmailMTAHost=$j))
        (sendmailMTAKey=%0))
        -v sendmailMTAAliasValue
      
      - Example LDAP LDIF entries might be:</pre>
<pre>
        dn: sendmailMTAKey=test-aliases, ou=Mail, dc=netfrag, dc=org
        objectClass: top
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTAHost: mail.netfrag.org
        sendmailMTAKey: test-aliases
        sendmailMTAAliasValue: jonen</pre>
<pre>
        dn: sendmailMTAKey=postmaster, ou=Mail, dc=netfrag, dc=org
        objectClass: top
        objectClass: sendmailMTA
        objectClass: sendmailMTAAlias
        objectClass: sendmailMTAAliasObject
        sendmailMTAAliasGrouping: aliases
        sendmailMTACluster: Servers
        sendmailMTAKey: postmaster
        sendmailMTAAliasValue: jonen</pre>
<p></p>
<p>
</p>
<h4><a name="query_map_definitions_(e.g._virtusertable,_mailertable,_access_db,_etc.)_against_ldap">query map definitions (e.g. virtusertable, mailertable, access_db, etc.) against ldap</a></h4>
<pre>
      - read <a href="http://www.sendmail.org/m4/ldap.html">http://www.sendmail.org/m4/ldap.html</a>  !!
      - example for 'virtusertable' (other map definitions goes near the same way..):
        
        - sendmail.mc:
        
        FEATURE(`virtusertable', `LDAP')</pre>
<pre>
        - add sendmailMTAMapName (have to be created for each map definition!!)</pre>
<pre>
        dn: sendmailMTAMapName=virtuser, ou=Mail, dc=netfrag, dc=org
        objectClass: top
        objectClass: sendmailMTA
        objectClass: sendmailMTAMap
        sendmailMTAHost: mail.netfrag.org
        sendmailMTAMapName: virtuser
        
        - example virtuser entries:</pre>
<pre>
        dn: sendmailMTAKey=test-virtuser@netfrag.com, ou=Mail, dc=netfrag, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAMap
        objectClass: sendmailMTAMapObject
        sendmailMTAMapName: virtuser
        sendmailMTAHost: mail.netfrag.org
        sendmailMTAKey: test-virtuser@netfrag.org
        sendmailMTAMapValue: jonen</pre>
<pre>
        dn: sendmailMTAKey=no-user@example.com, ou=Mail, dc=netfrag, dc=org
        objectClass: sendmailMTA
        objectClass: sendmailMTAMap
        objectClass: sendmailMTAMapObject
        sendmailMTAMapName: virtuser
        sendmailMTAHost: mail.netfrag.org
        sendmailMTAKey: no-user@example.com
        sendmailMTAMapValue: error: no-user@example.com doesn't exits here</pre>
<p></p>
<p>
</p>
<h3><a name="configure_sendmail_milter_+_amavis">Configure Sendmail Milter + AMaViS</a></h3>
<p>
</p>
<h4><a name="sendmail.mc_configurations">sendmail.mc configurations</a></h4>
<pre>
      define(`MILTER', 1)
      INPUT_MAIL_FILTER(`milter-amavis',`S=local:/var/run/amavis/amavis-milter.sock, F=T, T=S:10m;R:10m;E:10m')</pre>
<p>
</p>
<h3><a name="resources">Resources</a></h3>
<dl>
<dt><strong><a name="item_sendmail">Sendmail</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://www.sendmail.org/">http://www.sendmail.org/</a></pre>
</dd>
<dt><strong><a name="item_ldap_implementation_howto">LDAP Implementation HOWTO</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/">http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/</a></pre>
</dd>
<dt><strong><a name="item_openldap">OpenLDAP</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://www.openldap.org/">http://www.openldap.org/</a></pre>
</dd>
<dt><strong><a name="item_mit_kerberos_v5">MIT Kerberos V5</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a></pre>
</dd>
<dt><strong><a name="item_kerberos_authenticated_smtp_service_installation_i">Kerberos Authenticated SMTP Service Installation Instructions</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://www.upenn.edu/computing/pennkey/sysadmin/d_install_unix/smtp.html">http://www.upenn.edu/computing/pennkey/sysadmin/d_install_unix/smtp.html</a></pre>
</dd>
<dt><strong><a name="item_sendmail_with_ldap%2c_tls_and_auth">sendmail with LDAP, TLS and AUTH</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://logout.sh/computers/sendmail/">http://logout.sh/computers/sendmail/</a></pre>
</dd>
<dt><strong><a name="item_sendmail_%2b_ldap_howto">Sendmail + LDAP HOWTO</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://www.iconimaging.net/~jradford/sendmail/sendmail-ldap.html">http://www.iconimaging.net/~jradford/sendmail/sendmail-ldap.html</a></pre>
</dd>
<dt><strong><a name="item_sendmail_mit_milter%2c_amavis%2c_cyrus_imap_%2b_ss">Sendmail mit Milter, AMaViS, Cyrus IMAP + SSL, Anti Spam</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://wwwhomes.uni-bielefeld.de/schoppa/saia-howto.html">http://wwwhomes.uni-bielefeld.de/schoppa/saia-howto.html</a></pre>
</dd>
<dt><strong><a name="item_sendmail_mit_milter%2c_amavis%2c_anti_spam%2c_cyru">Sendmail mit Milter, AMaViS, Anti Spam, Cyrus IMAP auf Debian woody Basis</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://wwwhomes.uni-bielefeld.de/schoppa/saia-woody-howto.html">http://wwwhomes.uni-bielefeld.de/schoppa/saia-woody-howto.html</a></pre>
</dd>
<dt><strong><a name="item_amavis">AMaViS</a></strong><br />
</dt>
<dd>
<pre>
    <a href="http://www.amavis.org/">http://www.amavis.org/</a></pre>
</dd>
</dl>
<p>
</p>
<h3><a name="todo">ToDo</a></h3>
<pre>
  o seems NO mail-client currently supports kerberos V tickets, DO MORE RESEARCH!
  x so use pam_krb5
    o if so, seems only PLAIN password authentication works (no Digest-MD5 or others!)
    x so usage of TLS/SSL for secure trasport layer is recommend
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto
  o MORE docu !!
  

</pre>
<p><a href="#__index__"><small>back to top</small></a></p>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="block" valign="middle">
<big><strong><span class="block">&nbsp;Sendmail + TLS + Cyrus IMAP/SASL + LDAP + Kerberos V HowTo</span></strong></big>
</td></tr>
</table>

</body>

</html>
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26