Kerio Connect and Kerberos Authentication against a 10.7/10.8 OpenDirectory Server

To cut a long story short, if you’re trying to get Kerio Connect to authenticate against an OD server running on 10.7 or 10.8 (Lion or Mountain Lion) that’s not running on the same server as it, you’ll need to do this:

Create /Library/Preferences/edu.mit.Kerberos with the following contents (of course changing company.com to your internal domain name)

[libdefaults]
 default_realm = COMPANY.COM
 ticket_lifetime = 600
 dns_fallback = no
 [realms]
 COMPANY.COM = {
 kdc = server.company.com. :88
 admin_server = server.company.com.
 }

https://kb.kerio.com/article/kerberos-authentication-with-osx-107-against-an-opendirectory-server-911.html

I also had to, on my Linux VM running Connect, apt-get install krb5-user so that I could test the Kerberos connection – as a part of the installation, it walked me through setting up my kerberos realm.

This article was posted by Kai Howells. If you liked this content and have any technical work in the Melbourne area, say hello via my contact form or give me a call on 0419 361 653 - I cover most of the greater Melbourne area and my rates are competitive.

Leave a Reply

Your email address will not be published. Required fields are marked *