Kerberos
DavMail now includes Windows authentication support, aka Kerberos. A new option is available in DavMail settings to rely on Kerberos token for Exchange authentication.
Windows workstation Kerberos setup
On windows, you have a valid Kerberos ticket on any workstation using your Active Directory logon. However, on recent Windows versions the TGT is not readable from Java. The workaround is to change the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\ REG_DWORD name: allowtgtsessionkey Value: 1
More details at: JGSS Troubleshooting
Linux workstation Kerberos setup
Windows kerberos token is not available on a default Linux workstation setup. You will need to configure /etc/krb5.conf with Active directory domain name. You may also need to provide a kdc (Active Directory Domain controller):
[libdefaults]
default_realm = CORP.COMPANY.COM
[realms]
CORP.COMPANY.COM = {
kdc = 192.168.184.129
default_domain = CORP.COMPANY.COM
}
Then create Kerberos ticket: kinit username.
Check ticket withklist
DavMail configuration
In Kerberos mode, password provided by clients (IMAP, SMTP, POP, HTTP, LDAP) is ignored, thus you must make sure external connections to DavMail are disabled.
There is no way in current implementation to define a local password to secure client to DavMail communication.
DavMail needs direct access to Kerberos ticket, which means Kerberos will not work in server mode.