[39047] in Kerberos
Re: Debugging why KRB5_KTNAME isn't working
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Thu Jan 27 13:48:33 2022
Message-ID: <202201271845.20RIjcB2023687@hedwig.cmf.nrl.navy.mil>
To: "Brian J. Murrell" <brian@interlinx.bc.ca>
cc: kerberos@mit.edu
In-Reply-To: <0d9c6ad8baa23118afb18a9ff82e9ff99a85d7cb.camel@interlinx.bc.ca>
MIME-Version: 1.0
Date: Thu, 27 Jan 2022 13:45:38 -0500
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>> Is it possible Postfix is clearing out the environment at startup?
>
>As anything, I suppose it is possible. It would be doing so in
>violation of exactly the purpose of the mechanism that is being used to
>set the environment though.
Hm. From postconf(5):
import_environment (default: see postconf -d output)
The list of environment parameters that a privileged Postfix process
will import from a non-Postfix parent process, or name=value environ-
ment overrides. Unprivileged utilities will enforce the name=value
overrides, but otherwise will not change their process environment.
Is that what you're using? It looks to me that if the variable isn't
listed in the import_environment configuration entry, it doesn't make
it very far and is removed by the function clean_env().
(If you want to demonstrate to others how KRB5_KTNAME is supposed to
work, just include the output of "env KRB5_KTNAME=/dev/stdout kinit" or
some other Kerberos program).
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
