Debugging why KRB5_KTNAME isn't working

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Jan 27 13:45:38 EST 2022


>> Is it possible Postfix is clearing out the environment at startup?
>
>As anything, I suppose it is possible.  It would be doing so in
>violation of exactly the purpose of the mechanism that is being used to
>set the environment though.

Hm.  From postconf(5):

import_environment (default: see postconf -d output)
       The  list  of  environment parameters that a privileged Postfix process
       will import from a non-Postfix parent process, or  name=value  environ-
       ment  overrides.   Unprivileged  utilities  will enforce the name=value
       overrides, but otherwise will not  change  their  process  environment.

Is that what you're using?  It looks to me that if the variable isn't
listed in the import_environment configuration entry, it doesn't make
it very far and is removed by the function clean_env().

(If you want to demonstrate to others how KRB5_KTNAME is supposed to
work, just include the output of "env KRB5_KTNAME=/dev/stdout kinit" or
some other Kerberos program).

--Ken


More information about the Kerberos mailing list