On ke, 14 joulu 2022, Carlos Mogas da Silva via FreeIPA-users wrote:
Hi list!
I'm migrating my server into a new REALM (
INT.R3PEK.ORG) from an old
one (
R3PEK.ORG). This is a completely new install and configuration,
so no leftovers exits.
The machine is correctly register into the REALM and users are able to
login without a problem.
Now, when I try to login using a Kerberos ticket, for some reason that
I can't understand, dovecot is looking for a ticket on the old REALM.
Maybe because of the email domain (which stayed the same)? This is the
error message I see on the clients:
"Failed to authenticate: Server krbtgt/R3PEK.ORG(a)INT.R3PEK.ORG"
The one it should be looking for is
krbtgt/INT.R3PEK.ORG(a)INT.R3PEK.ORG, but I can't seem to figure out
where the problem is.
I've posted the same email to the dovecot mailing list, but since I'm
not sure this is a dovecot/configuration issue or something that I
should have done on the FreeIPA side, I'm posting it here too just to
have some feedback.
Could you please share your Dovecot and krb5 configuration on that
Dovecot server?
It is hard to help without seeing anything.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland