Kerio Connect user authentication can be configured to use Kerberos. Setup in the Virtual Appliance requires advanced configuration on both the Kerio Connect side and the Active Directory server.
Setting up Kerberos User Authentication Against Active Directory
Log in to the system console.
Install the Kerberos 5 packages:
apt-get update
apt-get install krb5-config krb5-user
For Kerio Connect 8.5 and older, install the following packages:
apt-get install krb5-clients krb5-config krb5-user
In the Kerberos 5 configuration wizard, configure the Kerberos realm and domain server hostname.
Add a new computer to your Active Directory. Use the same hostname as defined in the appliance (run hostname -f to display the hostname). If you set up a wrong hostname, change the following configuration files:
Add the Service Principal Name for the computer to the Kerberos database.
Run the following command on your Windows Active Directory (master):
setspn.exe -R hostname
Run the following command on your Kerio Connect console:
kinit -S host/<hostname_domain.com>@<DOMAIN.COM>
<hostname_domain.com> is the appliance hostname that corresponds to the computer name in the Active Directory, and
<DOMAIN.COM> is the Kerberos realm that is in use by your Active Directory.
The command throws a Kerberos error if the mail server machine is not properly joined.
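As a pre-flight check before the kinit step, the following added example (not part of the Kerio documentation) builds the host principal from the appliance FQDN and the realm, and rejects a short hostname or a realm that is not uppercase. The helper names build_host_principal and realm_matches_domain are hypothetical, and the suffix check assumes the appliance's DNS suffix equals the Active Directory domain name, which is the usual case.

```shell
#!/bin/sh
# Added example: validate the inputs of "kinit -S host/<fqdn>@<REALM>".
# build_host_principal and realm_matches_domain are hypothetical helpers,
# not Kerio or MIT Kerberos tools.

# Print host/<fqdn>@<REALM>; return non-zero with a reason on stderr.
build_host_principal() {
    fqdn=$1
    realm=$2
    # The procedure uses the fully qualified name shown by "hostname -f".
    case $fqdn in
        *[!A-Za-z0-9.-]*|.*|*.|"")
            echo "invalid hostname: '$fqdn'" >&2; return 1 ;;
        *.*) ;;
        *)  echo "hostname '$fqdn' is not fully qualified" >&2; return 1 ;;
    esac
    # Kerberos realm names are case-sensitive; Active Directory realms are
    # the uppercase form of the domain's DNS name.
    [ -n "$realm" ] || { echo "realm is empty" >&2; return 1; }
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || {
        echo "realm '$realm' must be uppercase (expected '$upper')" >&2
        return 1
    }
    printf 'host/%s@%s\n' "$fqdn" "$realm"
}

# Return 0 when the DNS suffix of the FQDN equals the lowercased realm.
# Assumption: the appliance's DNS suffix is the AD domain name.
realm_matches_domain() {
    f=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    r=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $f in
        *."$r") return 0 ;;
        *) return 1 ;;
    esac
}

# When run with the realm as first argument, print the command to run.
if [ "$#" -ge 1 ]; then
    host=$(hostname -f)
    principal=$(build_host_principal "$host" "$1") || exit 1
    realm_matches_domain "$host" "$1" ||
        echo "warning: $host is not inside the DNS domain of $1" >&2
    echo "kinit -S $principal"
fi
```

A warning from the suffix check usually means the appliance hostname differs from the computer name added to Active Directory.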