Table of Contents
This chapter provides simple and well-organized guidelines to configuration of user authentication at Kerberos.
Kerberos is a client-to-server system which enables authentication and authorization of users to increase security while using network resources. Kerberos is described by IETF RFC 4120.
Kerio MailServer includes support for Kerberos V5.
The following logs may be helpful while solving configuration issues:
MS Windows — logs are located in the menu
Linux — logs can be found in the default directory /var/log/syslog
However, this applies only to the Kerberos client. Logging of traffic at the server's side can be performed by adding the following configuration into the /etc/krb5.conf
file:
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
Note: Settings of logging at the server's side is regards Kerberos MIT (US implementation of Kerberos applied in the Active Directory and the Apple Open Directory). Setting of Kerberos Heimdal logging (European implementation of Kerberos which can be found in several Linux distributions) may be different.[7]
Mac OS X Server — logs in the Server Admin application (see chapter 27.4 Starting Open Directory and Kerberos settings)
Kerio MailServer — logs can be found in the Logs section of the administration console. In this case, the Warning, Error and Debug logs are to be considered (User Authentication must be running). For detailed description on individual logs, refer to chapter 25 Logs.
[7] The Kerberos Heimdal's client is also included in the Linux installation packages of Kerio MailServer. It is, however, not important which version is used on the server (Key Distribution Center) and which is used at the client (Kerio MailServer in this case) since the protocol is the same and no problems should occur in the cooperation of the server and the client side.