Debugging why KRB5_KTNAME isn't working

Brian J. Murrell brian at interlinx.bc.ca
Thu Jan 27 15:34:13 EST 2022


On Thu, 2022-01-27 at 20:31 +0100, Jochen Kellner wrote:
> 
> I once configured postfix to uses sasl:
> 
> main.cf:83:smtpd_sasl_auth_enable = yes

I do have that already.

> And in  /etc/postfix/sasl/smtpd.conf:

Hrm.  I don't have this file.  But I never did and this all worked
prior to a few days ago when the machine was upgraded from EL7 to EL8,
which unsurprisingly upgrades a lot of things in big jumps.  So maybe
this is now necessary.

Ahh.  Looking at smtpd's strace output, it seems it's looking in
/etc/sasl2/smtpd.conf on my machine and I do have that file with:

pwcheck_method: saslauthd
mech_list: gssapi plain login

> keytab: /etc/smtp.keytab

And indeed, winner winner, chicken dinner!  Adding a "keytab:
/etc/postfix/smtp.keytab" to that file is making smtpd use the correct
keytab file now.

So this must all be new behavior in some upgraded versions.

Cheers,
b.



More information about the Kerberos mailing list