11.07.2015 Views

Administrator's Guide - Kerio Software Archive


24.2 Kerio MailServer on Linux

    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
    }

Once authentication against the Kerberos server works fully, authentication can be set in Kerio MailServer. To perform these settings, go to the Directory Service and Advanced tabs under Configuration → Domains (for details, see chapters 7.6 and 7.7).

Authentication against a stand-alone Kerberos server (KDC)

To use authentication against a stand-alone Kerberos server (Key Distribution Center), the username and password database must be maintained both in the Key Distribution Center and in Kerio MailServer.

Before setting up Kerberos user authentication on Linux, it is recommended to check that authentication against the Kerberos area functions correctly (check this by logging in to the system using an account defined in the Key Distribution Center). If the attempt fails, check the following:

1. Kerio MailServer is a member of the Kerberos area to be authenticated against:
   • the Kerberos client must be installed on the computer,
   • usernames and passwords of all users created in Kerio MailServer must be defined in the Key Distribution Center (required for authentication in Kerberos).
2. The DNS service must be set correctly at Kerio MailServer's host (Key Distribution Center uses DNS queries).
3. The time of Kerio MailServer and the Key Distribution Center (all hosts included in the Kerberos area) must be synchronized.

For proper authentication, define the /etc/krb5.conf file.

Example of a krb5.conf configuration:

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = COMPANY.COM
    dns_lookup_realm = false
    dns_lookup_kdc = yes
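The prerequisites in the checklist above can be scripted. The following is an added example, not part of the Kerio guide: it reads default_realm and dns_lookup_kdc from krb5.conf, derives the _kerberos._udp SRV record name a Kerberos client looks up to find the KDC, and tests the client, DNS and clock prerequisites. The function names, the use of dig and timedatectl, and a systemd host are assumptions.

```shell
#!/bin/sh
# Added example (not from the Kerio guide): pre-flight checks for the
# prerequisites listed above. Function names are hypothetical.

# krb5_get SECTION KEY [FILE]: print KEY's value from [SECTION] of krb5.conf.
krb5_get() {
    awk -v sec="[$1]" -v key="$2" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && index($0, "=") {
            split($0, kv, "="); k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "${3:-/etc/krb5.conf}"
}

# kdc_srv_name [FILE]: DNS SRV name a Kerberos client queries to locate the
# KDC of default_realm when dns_lookup_kdc is enabled.
kdc_srv_name() {
    realm=$(krb5_get libdefaults default_realm "$1")
    [ -n "$realm" ] || return 1
    printf '_kerberos._udp.%s\n' "$realm"
}

# preflight [FILE]: check client, DNS and clock; non-zero if any check fails.
preflight() {
    conf=${1:-/etc/krb5.conf}; rc=0
    command -v kinit >/dev/null 2>&1 ||
        { echo "FAIL: Kerberos client (kinit) not installed"; rc=1; }
    srv=$(kdc_srv_name "$conf") ||
        { echo "FAIL: no default_realm in $conf"; return 1; }
    case $(krb5_get libdefaults dns_lookup_kdc "$conf") in
        yes|true|on|1)   # KDC is found through DNS, so the SRV record must resolve
            if command -v dig >/dev/null 2>&1 && [ -z "$(dig +short SRV "$srv")" ]; then
                echo "FAIL: DNS has no SRV record $srv"; rc=1
            fi ;;
    esac
    # Assumption: systemd host; timedatectl reports whether the clock is NTP-synced.
    if command -v timedatectl >/dev/null 2>&1 &&
       [ "$(timedatectl show -p NTPSynchronized --value 2>/dev/null)" = no ]; then
        echo "FAIL: system clock is not NTP-synchronized"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: prerequisites met for $srv"
    return "$rc"
}
```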
