Debugging why KRB5_KTNAME isn't working

Jochen Kellner jochen at
Thu Jan 27 14:31:25 EST 2022

Greg Hudson <ghudson at> writes:

> Of course, the program itself can provide configuration for the keytab
> file.  I couldn't find any gss_ or krb5_ calls in the Postfix source
> code (looking at Viktor Dukhovni's git mirror), so I don't have any
> immediate insight as to whether that's currently possible or what would
> need to change.

I once configured postfix to uses sasl: = yes

And in  /etc/postfix/sasl/smtpd.conf:

pwcheck_method: auxprop saslauthd
#pwcheck_method: saslauthd
mech_list: plain login gssapi
log_level: 0
keytab: /etc/smtp.keytab

That at least worked some time ago...


This space is intentionally left blank.

More information about the Kerberos mailing list