Our thinking


Kerio Connect and Kerberos Authentication against a 10.7/10.8 OpenDirectory Server

To cut a long story short, if you’re trying to get Kerio Connect to authenticate against an OD server running on 10.7 or 10.8 (Lion or Mountain Lion) that’s not running on the same server as it, you’ll need to do this:

Create /Library/Preferences/edu.mit.Kerberos with the following contents (of course changing company.com to your internal domain name)

[libdefaults]
 default_realm = COMPANY.COM
 ticket_lifetime = 600
 dns_fallback = no
 [realms]
 COMPANY.COM = {
 kdc = server.company.com. :88
 admin_server = server.company.com.
 }

https://kb.kerio.com/article/kerberos-authentication-with-osx-107-against-an-opendirectory-server-911.html

I also had to, on my Linux VM running Connect, apt-get install krb5-user so that I could test the Kerberos connection – as a part of the installation, it walked me through setting up my kerberos realm.

Leave a Reply