[39048] in Kerberos
Re: Debugging why KRB5_KTNAME isn't working
daemon@ATHENA.MIT.EDU (Brian J. Murrell)
Thu Jan 27 14:28:46 2022
Message-ID: <7ab7fa0b1c9ceda2c1af863a00e5b7966924e30e.camel@interlinx.bc.ca>
From: "Brian J. Murrell" <brian@interlinx.bc.ca>
To: <kerberos@mit.edu>
Date: Thu, 27 Jan 2022 14:25:32 -0500
In-Reply-To: <202201271845.20RIjcB2023687@hedwig.cmf.nrl.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 2022-01-27 at 13:45 -0500, Ken Hornstein wrote:
> >
>
> import_environment (default: see postconf -d output)
> Is that what you're using?
Yes. That is the "for-purpose" mechanism that I alluded to earlier
which is why I posited that if smtpd was clearing the environment it
was doing so in violation of the specific mechanism that was supposed
to make this all work.
> It looks to me that if the variable isn't
> listed in the import_environment configuration entry, it doesn't make
> it very far and is removed by the function clean_env().
In my case, I am using the "name=value" variant so that KRB5_KTNAME is
supposed to be getting an explict value even, rather than relying on
the environment already having the variable set.
> (If you want to demonstrate to others how KRB5_KTNAME is supposed to
> work, just include the output of "env KRB5_KTNAME=/dev/stdout kinit"
> or
> some other Kerberos program).
Indeed. I used as my example:
# KRB5_KTNAME=/etc/postfix/smtp.keytab klist -k
Keytab name: FILE:/etc/postfix/smtp.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 smtp/server.example.com@EXAMPLE.COM
Cheers,
b.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
