On ke, 14 joulu 2022, Carlos Mogas da Silva via FreeIPA-users wrote:
Hi list!
I'm migrating my server into a new REALM (INT.R3PEK.ORG) from an old one (R3PEK.ORG). This is a completely new install and configuration, so no leftovers exits. The machine is correctly register into the REALM and users are able to login without a problem.
Now, when I try to login using a Kerberos ticket, for some reason that I can't understand, dovecot is looking for a ticket on the old REALM. Maybe because of the email domain (which stayed the same)? This is the error message I see on the clients: "Failed to authenticate: Server krbtgt/R3PEK.ORG@INT.R3PEK.ORG"
The one it should be looking for is krbtgt/INT.R3PEK.ORG@INT.R3PEK.ORG, but I can't seem to figure out where the problem is.
I've posted the same email to the dovecot mailing list, but since I'm not sure this is a dovecot/configuration issue or something that I should have done on the FreeIPA side, I'm posting it here too just to have some feedback.
Could you please share your Dovecot and krb5 configuration on that Dovecot server?
It is hard to help without seeing anything.