Debugging why KRB5_KTNAME isn't working
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Jan 27 13:45:38 EST 2022
>> Is it possible Postfix is clearing out the environment at startup?
>
>As anything, I suppose it is possible. It would be doing so in
>violation of exactly the purpose of the mechanism that is being used to
>set the environment though.
Hm. From postconf(5):
import_environment (default: see postconf -d output)
The list of environment parameters that a privileged Postfix process
will import from a non-Postfix parent process, or name=value environ-
ment overrides. Unprivileged utilities will enforce the name=value
overrides, but otherwise will not change their process environment.
Is that what you're using? It looks to me that if the variable isn't
listed in the import_environment configuration entry, it doesn't make
it very far and is removed by the function clean_env().
(If you want to demonstrate to others how KRB5_KTNAME is supposed to
work, just include the output of "env KRB5_KTNAME=/dev/stdout kinit" or
some other Kerberos program).
--Ken
More information about the Kerberos
mailing list