Debugging why KRB5_KTNAME isn't working
Brian J. Murrell
brian at interlinx.bc.ca
Thu Jan 27 15:34:13 EST 2022
On Thu, 2022-01-27 at 20:31 +0100, Jochen Kellner wrote:
> I once configured postfix to uses sasl:
> main.cf:83:smtpd_sasl_auth_enable = yes
I do have that already.
> And in /etc/postfix/sasl/smtpd.conf:
Hrm. I don't have this file. But I never did and this all worked
prior to a few days ago when the machine was upgraded from EL7 to EL8,
which unsurprisingly upgrades a lot of things in big jumps. So maybe
this is now necessary.
Ahh. Looking at smtpd's strace output, it seems it's looking in
/etc/sasl2/smtpd.conf on my machine and I do have that file with:
mech_list: gssapi plain login
> keytab: /etc/smtp.keytab
And indeed, winner winner, chicken dinner! Adding a "keytab:
/etc/postfix/smtp.keytab" to that file is making smtpd use the correct
keytab file now.
So this must all be new behavior in some upgraded versions.
More information about the Kerberos