On Mon, Jun 11, 2012 at 05:51:24PM +0200, Leon Meßner wrote:
On Mon, Jun 11, 2012 at 06:26:57PM +0300, Timo Sirainen wrote:
On 11.6.2012, at 17.43, Leon Meßner wrote:
import_environment = TZ GDB DEBUG_SILENT KRB5_KTNAME
KRB5_KTNAME=/etc/mail3.krb5.keytab dovecot
I'm wondering if the code in mech-gssapi.c that sets KRB5_KTNAME environment is being called too late.
It's still looking inside the default krb5.keytab.
Which Kerberos library are you using? Maybe it doesn't support this way of giving the keytab.
I'm using the stock FreeBSD 8.2-RELEASE one which is heimdal-1.1.0. I will update the machine to 8.3 (which is the latest release in 8.x),
Updating and recompiling did not help. I don't know where to look for the problem though. If I use the Kerberos utilities with KRB5_KTNAME the environment variable is being picked up ok.
19:22_root@mail3:/usr/ports/mail/dovecot# KRB5_KTNAME=/etc/mail3.krb5.keytab ktutil list
/etc/mail3.krb5.keytab:

Vno  Type           Principal
  1  des-cbc-crc    imap/mail3.physik-pool.tu-berlin.de@PCPOOL.PHYSIK.TU-BERLIN.DE
  1  des-cbc-md4    imap/mail3.physik-pool.tu-berlin.de@PCPOOL.PHYSIK.TU-BERLIN.DE
  1  des-cbc-md5    imap/mail3.physik-pool.tu-berlin.de@PCPOOL.PHYSIK.TU-BERLIN.DE
  1  des3-cbc-sha1  imap/mail3.physik-pool.tu-berlin.de@PCPOOL.PHYSIK.TU-BERLIN.DE

19:34_root@mail3:/usr/ports/mail/dovecot# KRB5_KTNAME=/etc/mail3.krb5.keytab kinit -k imap/mail3.physik-pool.tu-berlin.de
19:39_root@mail3:/usr/ports/mail/dovecot# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: imap/mail3.physik-pool.tu-berlin.de@PCPOOL.PHYSIK.TU-BERLIN.DE

  Issued           Expires          Principal
Jun 12 19:39:11  Jun 13 05:39:11  krbtgt/PCPOOL.PHYSIK.TU-BERLIN.DE@PCPOOL.PHYSIK.TU-BERLIN.DE