Sunday, January 31, 2010

Active Directory and Cyrus SASL Authentication

The Postfix Cyrus SASL support is used to authenticate remote SMTP clients to the Postfix SMTP server. Thanks to the Pluggable Authentication Modules (PAM) in Linux, we can configure Cyrus SASL to delegate the authentication process to an Active Directory server.

Set Up and Configure Kerberos


The steps below describe how to configure Kerberos using the GUI tool. You can also apply the changes manually by editing the file /etc/krb5.conf.

Important: The Kerberos network authentication protocol requires the clocks of the machines involved to be synchronized, or at least to differ by less than 5 minutes.

1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.
2. Click the Authentication tab and check the Enable Kerberos Support. Next, click the Configure Kerberos button.
3. In the Kerberos Settings window, fill in the Realm, clear out KDC and Admin Servers and check the Use DNS to locate KDCs for realms. Realm is usually your domain name capitalized; capitalization is important. KDC is your Active Directory server. Click Ok when you’re done.

Note: To make sure that your KDC can be automatically located, type in the command host -t any _kerberos._tcp.acme.local in a terminal window. Replace acme.local with your own realm. If it replies “_kerberos._tcp.acme.local has SRV record …” then it works, otherwise you’ll have to fill in the KDC field above. This is how the Windows workstation is able to find the domain controller during domain logon.

4. Uncheck the Enable Kerberos Support and click Ok. We don’t actually want to use Kerberos authentication in Linux; we just want the tool to set up Kerberos for us.
5. Test Kerberos by typing in kinit username in a terminal window. If you need help in making sense of the kinit error messages, check out Test the Kerberos Authentication.

Configuring Cyrus SASL

1. Edit the file /etc/pam.d/smtp.postfix and replace the content with the lines below.
    auth     sufficient  pam_krb5.so no_user_check validate
    account  sufficient  pam_permit.so
2. Restart the saslauthd service.
3. Test saslauthd by typing in testsaslauthd -u username -p password -r domain -s smtp in a terminal window.

Cyrus SASL is now configured to authenticate against an Active Directory server. Proceed to Postfix SMTP Authentication for instructions on configuring Postfix. If you have already done so, restart Postfix or MailScanner and jump directly to the Test Postfix using Telnet part.
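
As an added example (not part of the original post), the POSIX shell functions below check the two files this procedure touches: that default_realm in krb5.conf is upper-case, that KDCs can be found through dns_lookup_kdc or an explicit kdc entry, and that the PAM service file hands auth to pam_krb5.so. The function names are hypothetical, the sample files are constructed, and the ACME.LOCAL realm follows the post's acme.local placeholder.

```shell
#!/bin/sh
# Added example: checks for the settings this procedure writes.
# Function names are hypothetical; file paths are passed in as arguments.

# Print the default_realm value from a krb5.conf-style file.
krb5_default_realm() {
  sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only for a non-empty realm with no lower-case letters.
realm_is_uppercase() {
  case "$1" in
    ''|*[[:lower:]]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Succeed if KDCs can be located: DNS lookup enabled, or an explicit kdc entry.
kdc_locatable() {
  grep -Eiq '^[[:space:]]*dns_lookup_kdc[[:space:]]*=[[:space:]]*(true|yes|on|1)[[:space:]]*$' "$1" ||
    grep -Eq '^[[:space:]]*kdc[[:space:]]*=[[:space:]]*[^[:space:]]+' "$1"
}

# Succeed if the PAM service file sends "auth" to pam_krb5.so as in step 1.
pam_auth_uses_krb5() {
  grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_krb5\.so([[:space:]]|$)' "$1"
}

# Run every check; print one line per finding, return non-zero on any failure.
preflight() {
  _realm=$(krb5_default_realm "$1")
  _rc=0
  realm_is_uppercase "$_realm" || { echo "FAIL default_realm '$_realm' is empty or not upper-case"; _rc=1; }
  kdc_locatable "$1" || { echo "FAIL no dns_lookup_kdc = true and no kdc entry"; _rc=1; }
  pam_auth_uses_krb5 "$2" || { echo "FAIL no 'auth sufficient pam_krb5.so' line in $2"; _rc=1; }
  [ "$_rc" -eq 0 ] && echo "OK realm=$_realm"
  return "$_rc"
}

# Constructed sample files; ACME.LOCAL follows the acme.local placeholder above.
demo=$(mktemp -d)
printf '%s\n' '[libdefaults]' ' default_realm = ACME.LOCAL' ' dns_lookup_kdc = true' > "$demo/krb5.conf"
printf '%s\n' 'auth        sufficient   pam_krb5.so no_user_check validate' \
  'account sufficient pam_permit.so' > "$demo/smtp.postfix"
preflight "$demo/krb5.conf" "$demo/smtp.postfix"
```

To check a real host, call preflight with /etc/krb5.conf and /etc/pam.d/smtp.postfix as its two arguments.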
