OS X Server: Enabling Kerberos authentication for Mail services when connected to an Active Directory server
To allow Active Directory users to authenticate with Kerberos to Mail services provided by OS X Server, make the following changes.
Lion Server, OS X Server (Mountain Lion)
After you have configured your OS X Server to provide Mail services to users from the connected Active Directory, use the following steps to enable Kerberos authentication.
- Enable Kerberos authentication for Mail:
  OS X Server (Mountain Lion):
  In the Server app, go to Mail > Authentication and click Edit. Choose "Custom" from the pop-up menu and check the Kerberos box.
  Lion Server:
  In Server Admin, go to Mail > Settings > Advanced > Security and check the box to enable Kerberos for IMAP/POP.
  Save the changes.
- Look through the document for the auth_gssapi_hostname value, and change the local host name of your server to "$ALL":
  auth_gssapi_hostname = example.server.lan
  auth_gssapi_hostname = "$ALL"
- Restart the Mail service.
In OS X Lion only, toggling the Kerberos setting in Server Admin will reset the auth_gssapi_hostname value back to the default of your server's local host name, and you will need to repeat steps 3 through 5.
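Because the value can be reset without warning, a check that can be rerun is useful. The script below is an added example, not Apple's code: it reads the active auth_gssapi_hostname value from a configuration file and rewrites it to "$ALL" (which accepts any entry in the service's keytab) only when needed, keeping a backup. The file path is passed in by the caller because this page does not name the file; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Apple's code). The config file path is supplied by the
# caller because the page does not name the file.

# Constructed sample: the state described above after the value is reset.
write_sample_conf() {
    printf '%s\n' '# constructed sample, not a real server file' \
        '#auth_gssapi_hostname = "$ALL"' \
        'auth_gssapi_hostname = example.server.lan' > "$1"
}

# Print the active (uncommented) auth_gssapi_hostname value; empty if none.
gssapi_hostname_value() {
    awk '/^[ \t]*auth_gssapi_hostname[ \t]*=/ {
             v = $0
             sub(/^[^=]*=[ \t]*/, "", v)
             sub(/[ \t]+$/, "", v)
             last = v
         }
         END { if (last != "") print last }' "$1"
}

# Set the value to "$ALL" (quotes included, as the page shows).
# Returns 0 if the file was changed, 1 if already correct, 2 on error.
ensure_gssapi_all() {
    conf=$1
    [ -r "$conf" ] && [ -w "$conf" ] || { echo "cannot edit $conf" >&2; return 2; }
    current=$(gssapi_hostname_value "$conf")
    [ -n "$current" ] || { echo "no active auth_gssapi_hostname in $conf" >&2; return 2; }
    [ "$current" = '"$ALL"' ] && return 1
    tmp=$(mktemp "${TMPDIR:-/tmp}/gssapi.XXXXXX") || return 2
    # Rewrite only active assignments; commented lines are left untouched.
    awk '/^[ \t]*auth_gssapi_hostname[ \t]*=/ {
             print "auth_gssapi_hostname = \"$ALL\""; next
         }
         { print }' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    cp -p "$conf" "$conf.bak" || { rm -f "$tmp"; return 2; }
    # Write in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    echo "auth_gssapi_hostname: $current -> \"\$ALL\" (backup: $conf.bak)"
    return 0
}
```

A return status of 0 means the file was changed, so the Mail service still has to be restarted as in the last step above.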