Debugging why KRB5_KTNAME isn't working
Brian J. Murrell
brian at interlinx.bc.ca
Thu Jan 27 14:25:32 EST 2022
On Thu, 2022-01-27 at 13:45 -0500, Ken Hornstein wrote:
> >
>
> import_environment (default: see postconf -d output)
> Is that what you're using?
Yes. That is the "for-purpose" mechanism that I alluded to earlier
which is why I posited that if smtpd was clearing the environment it
was doing so in violation of the specific mechanism that was supposed
to make this all work.
> It looks to me that if the variable isn't
> listed in the import_environment configuration entry, it doesn't make
> it very far and is removed by the function clean_env().
In my case, I am using the "name=value" variant so that KRB5_KTNAME is
supposed to be getting an explict value even, rather than relying on
the environment already having the variable set.
> (If you want to demonstrate to others how KRB5_KTNAME is supposed to
> work, just include the output of "env KRB5_KTNAME=/dev/stdout kinit"
> or
> some other Kerberos program).
Indeed. I used as my example:
# KRB5_KTNAME=/etc/postfix/smtp.keytab klist -k
Keytab name: FILE:/etc/postfix/smtp.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 smtp/server.example.com at EXAMPLE.COM
Cheers,
b.
More information about the Kerberos
mailing list