On 02/02/2011 02:38 PM, Timo Sirainen wrote:
On Wed, 2011-02-02 at 14:29 -0700, Trever L. Adams wrote:
dn = smtp/mailhost.example.org@EXAMPLE.ORG
sasl_bind = yes
sasl_mech = GSSAPI
sasl_realm = EXAMPLE.ORG
sasl_authz_id = smtp/mailhost.example.org@EXAMPLE.ORG

LDAP SASL authentication goes through Cyrus SASL library, nothing Dovecot can do about it, except for me to write my own LDAP library.

Ok. I can understand that.

Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" setup for the GSSAPI user login.

So this setting is never used. If that's the problem, you could try if you can work around it in a bit kludgy way:
service auth {
  executable = /usr/local/bin/auth-wrapper.sh
}
Which contains:
#!/bin/sh
export KRB5_KTNAME=/etc/dovecot/krb5.keytab
exec /usr/local/libexec/dovecot/auth -k

I thought I saw a patch on the mailing list in 2007 that set KRB5_KTNAME if auth_krb5_keytab was set in the configuration. I guess it was either ntlm specific or was not accepted.
Postfix (the other half of my solution -- though the version I am using doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the configuration, to set what environment variables it should not unset and even define new ones (an example -- import_environment = KRB5_KTNAME=/etc/dovecot/krb5.keytab). This may be a good solution for Dovecot specifically for things like this.
I would rather not have to run bash or any other shell just to set the environment variable. I will for the time being.
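
Added example, not part of the original thread and not Dovecot code: a small C wrapper that does what the shell script above does without starting a shell, and refuses to export the keytab if it is not a private regular file. The two paths and the `-k` argument come from the thread; the function names and the rule of no group/other permission bits are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Paths as given in the thread; adjust to the local install. */
#define KEYTAB   "/etc/dovecot/krb5.keytab"
#define AUTH_BIN "/usr/local/libexec/dovecot/auth"

/* Returns 0 if path is a regular file with no group/other permission
 * bits, -1 otherwise. The strict policy is this example's assumption. */
int keytab_is_private(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return -1;              /* missing or not accessible */
    if (!S_ISREG(st.st_mode))
        return -1;              /* symlink, directory, device, ... */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;              /* long-term keys exposed to other users */
    return 0;
}

/* Sets KRB5_KTNAME for this process (and whatever it execs) only when
 * the keytab passes the check above. Returns 0 on success. */
int export_keytab(const char *path)
{
    if (keytab_is_private(path) != 0)
        return -1;
    return setenv("KRB5_KTNAME", path, 1);
}

int main(void)
{
    char *const args[] = { AUTH_BIN, "-k", NULL };

    if (export_keytab(KEYTAB) != 0) {
        fprintf(stderr, "auth-wrapper: refusing to use %s\n", KEYTAB);
        return EXIT_FAILURE;
    }
    execv(AUTH_BIN, args);      /* replaces this process; no shell involved */
    perror("auth-wrapper: execv");
    return 127;
}
```

Compiled and installed in place of /usr/local/bin/auth-wrapper.sh, it would be referenced from the same `service auth { executable = ... }` setting.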