# dovecot with kerberos/gssapi



## Ofloo (May 12, 2018)

I've recompiled dovecot from ports with gssapi support, on the client i can see a valid ticket


```
klist
Ticket cache: FILE:/tmp/krb5cc_1000_LoKQbD
Default principal: username@REALM

Valid starting     Expires            Service principal
12-05-18 23:12:06  13-05-18 23:12:06  krbtgt/REALM@REALM
12-05-18 23:12:32  13-05-18 23:12:06  imap/server.host.tld@REALM
12-05-18 23:12:32  13-05-18 23:12:06  imap/server.host.tld@REALM
```

However when I set thunderbird to use gssapi/kerberos, .. it says that the ticket wasn't accepted. Check if you're logged onto the realm.

EDIT: Apparently the text based login over TLS doesn't work either anymore.

settings

```
auth_krb5_keytab = /usr/local/etc/dovecot/dovecot-krb5.keytab
auth_mechanisms = plain gssapi
auth_gssapi_hostname = mail.example.com
auth_realms = EXAMPLE.COM
auth_default_realm = EXAMPLE.COM
```


----------

