The Postfix Cyrus SASL support is used to authenticate remote SMTP clients to the Postfix SMTP server. Thanks to the Pluggable Authentication Modules (PAM) in Linux, we can configure Cyrus SASL to delegate the authentication process to an Active Directory server.
Setup and Configure Kerberos
The steps below describes how to configure Kerberos using the GUI tool. You can apply the changes manually by editing the file /etc/krb5.conf.
The Kerberos network authentication protocol requires the clocks of the involved machines to be synchronized or at least the difference is less than 5 minutes.
To make sure that your KDC can be automatically located, type in the command host -t any _kerberos._tcp.acme.local in a terminal window. Replace acme.local with your own realm. If it replies “_kerberos._tcp.acme.local has SRV record …” then it works, otherwise you’ll have to fill in the KDC field above. This is how the Windows workstation is able to find the domain controller during domain logon.
Configuring Cyrus SASL
auth sufficient pam_krb5.so no_user_check validate account sufficient pam_permit.so
testsaslauthd -u username -p password -s smtp
Cyrus SASL is now configured to authenticate against an Active Directory server. Proceed to Postfix SMTP Authentication for instructions on configuring Postfix. Or restart Postfix or MailScanner and jump directly to the Test Postfix using Telnet part if you have already done so.
Visit the forum to ask for help or to give a comment.