On Mon, Jun 11, 2012 at 03:16:16PM +0300, Timo Sirainen wrote:
On Fri, 2012-06-08 at 18:59 +0200, Leon Meßner wrote:
Hi list,
i noticed that when doing imap gssapi authentication with kerberos, dovecot (here 2.1.7) always searches /etc/krb5.keytab although i have auth_krb5_keytab = /etc/mail3.krb5.keytab in my etc/dovecot/dovecot.conf and doveconf -n also show this setting. If i combine the keytabs in krb5.keytab it works. Is there another location where i should put my configuration regarding gssapi/kerberos ?
Try if this works:
import_environment = TZ GDB DEBUG_SILENT KRB5_KTNAME
Then start Dovecot with:
KRB5_KTNAME=/etc/mail3.krb5.keytab dovecot
I'm wondering if the code in mech-gssapi.c that sets KRB5_KTNAME environment is being called too late.
It's still looking inside the default krb5.keytab .
/var/log/dovecot.log:
Jun 11 16:26:55 master: Info: Dovecot v2.1.7 starting up
Jun 11 16:26:55 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82646)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82648)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82647)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82649)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82651)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82653)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82655)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82652)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82656)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82657)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82650)
Jun 11 16:26:55 auth: Debug: auth client connected (pid=82654)
Jun 11 16:27:05 auth: Debug: auth client connected (pid=82669)
Jun 11 16:27:06 auth: Debug: client in: AUTH 1 GSSAPI service=imap secured session=DLX+JDPCLwCClTqR lip=130.149.58.164 rip=130.149.58.145 lport=993 rport=29743
Jun 11 16:27:06 auth: Debug: gssapi(?,130.149.58.145,