[39051] in Kerberos
Re: Debugging why KRB5_KTNAME isn't working
daemon@ATHENA.MIT.EDU (Brian J. Murrell)
Thu Jan 27 15:37:14 2022
Message-ID: <91d4b70f6566927b0f81102193232ef8f330981a.camel@interlinx.bc.ca>
From: "Brian J. Murrell" <brian@interlinx.bc.ca>
To: <kerberos@mit.edu>
Date: Thu, 27 Jan 2022 15:34:13 -0500
In-Reply-To: <83zgnh2cxe.fsf@jochen.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, 2022-01-27 at 20:31 +0100, Jochen Kellner wrote:
>
> I once configured postfix to uses sasl:
>
> main.cf:83:smtpd_sasl_auth_enable = yes
I do have that already.
> And in /etc/postfix/sasl/smtpd.conf:
Hrm. I don't have this file. But I never did and this all worked
prior to a few days ago when the machine was upgraded from EL7 to EL8,
which unsurprisingly upgrades a lot of things in big jumps. So maybe
this is now necessary.
Ahh. Looking at smtpd's strace output, it seems it's looking in
/etc/sasl2/smtpd.conf on my machine and I do have that file with:
pwcheck_method: saslauthd
mech_list: gssapi plain login
> keytab: /etc/smtp.keytab
And indeed, winner winner, chicken dinner! Adding a "keytab:
/etc/postfix/smtp.keytab" to that file is making smtpd use the correct
keytab file now.
So this must all be new behavior in some upgraded versions.
Cheers,
b.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos