Debugging why KRB5_KTNAME isn't working

Brian J. Murrell brian at
Thu Jan 27 15:34:13 EST 2022

On Thu, 2022-01-27 at 20:31 +0100, Jochen Kellner wrote:
> I once configured postfix to uses sasl:
> = yes

I do have that already.

> And in  /etc/postfix/sasl/smtpd.conf:

Hrm.  I don't have this file.  But I never did and this all worked
prior to a few days ago when the machine was upgraded from EL7 to EL8,
which unsurprisingly upgrades a lot of things in big jumps.  So maybe
this is now necessary.

Ahh.  Looking at smtpd's strace output, it seems it's looking in
/etc/sasl2/smtpd.conf on my machine and I do have that file with:

pwcheck_method: saslauthd
mech_list: gssapi plain login

> keytab: /etc/smtp.keytab

And indeed, winner winner, chicken dinner!  Adding a "keytab:
/etc/postfix/smtp.keytab" to that file is making smtpd use the correct
keytab file now.

So this must all be new behavior in some upgraded versions.


More information about the Kerberos mailing list