Kerberos Authentication IMAP/SMTP

[rrusse]

Hi,

I am hoping that someone maybe able to help me with regards to Kerberos authentication and Zimbra. I am running zimbra on a Ubuntu server Release 8.8.11.GA.3737.UBUNTU16.64 UBUNTU16_64 NETWORK edition, Patch 8.8.11_P3 on a trial licence as the plan is to migrate our current infrastructure to this new server once is has been tested.

I know there are various guides out there for Kerberos, however these are from older versions of Zimbra and not sure if the implementation is the same on the newest Zimbra release. I have 300 mail accounts, which I am trying to move away from the need to enter passwords 3 or 4 times when connecting to mail client Thunderbird when the user has changed there password. Thunderbird has built in authentication for Kerberos / GSSAPI which I would like to maybe take advantage of. The reason we have opted for Thunderbird is it allows for folder accounts, which means you can select which folders on the mail client will send from what email address. Outlook does not have this feature and neither does the zimbra client, which is problematic for us.

I was wondering if anyone has any good advice/guidlines to which I could follow to set up kerberos with Samba4 AD using Hemidal and if it is actually possilbe. Reading the guides for SPNEGO and Kerberos I am not quite sure how a ticket would be generated for each individual user if you use a generic account.

Thanks